Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE )

ADefault IAM Certificate Manager certificate

BCustom SSL certificate stored in IAM KMS

CDefault CloudFront certificate

DCustom SSL certificate stored in IAM Certificate Manager

EDefault SSL certificate stored in IAM Secrets Manager

FCustom SSL certificate stored in IAM IAM

1 answers

87 votes

1422

A, C, D

Answer Link

Which of the following bucket policies will ensure that objects being uploaded to a bucket called 'demo' are encrypted.
Please select:
A.
B.
C.
D.
The condition of "s3:x-amz-server-side-encryption":"aws:kms" ensures that objects uploaded need to be encrypted.
Options B,C and D are invalid because you have to ensure the condition of ns3:x-amz-server-side-encryption":"aws:kms" is present
For more information on AWS KMS best practices, just browse to the below URL:
Submit your Feedback/Queries to our Expert

AOption A

BOption B

1 answers

96 votes

1207

Answer Link

A company has several workloads running on AWS Employees are required to authenticate using on-premises ADFS and SSO to access the AWS Management Console Developers migrated an existing legacy web application to an Amazon EC2 instance Employees need to access this application from anywhere on the internet but currently, mere is no authentication system but into the application.
How should the Security Engineer implement employee-only access to this system without changing the application?

APlace the application behind an Application Load Balancer (ALB) Use Amazon Cognito as authentication (or the ALB Define a SAML-based Amazon Cognito user pool and connect it to ADFS
implement AWS SSO in the master account and link it to ADFS as an identity provide' Define the EC2 instance as a managed resource, then apply an IAM policy on the resource

BDefine an Amazon Cognito identity pool then install the connector on the Active Directory server Use the Amazon Cognito SDK on the application instance to authenticate the employees using their C. Active Directory user names and passwords

DCreate an AWS Lambda custom authorizer as the authenticator for a reverse proxy on Amazon EC2 Ensure the security group on Amazon EC2 only allows access from the Lambda function.

1 answers

88 votes

912

Answer Link

Auditors tor a health care company have mandated mat all data volumes be encrypted at rest Infrastructure is deployed mainly via AWS CloudFormation however third-party frameworks and manual deployment are required on some legacy systems
What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?

AOn a recurring basis, update an IAM user policies to require that EC2 instances are created with an encrypted volume

BConfigure an AWS Config rule lo run on a recurring basis 'or volume encryption

CSet up Amazon Inspector rules tor volume encryption to run on a recurring schedule

DUse CloudWatch Logs to determine whether instances were created with an encrypted volume

1 answers

89 votes

916

Answer Link

You are designing a custom IAM policy that would allow uses to list buckets in S3 only if they are MFA authenticated. Which of the following would best match this requirement?

AOption

BOption

COption

DOption

1 answers

73 votes

1334

Answer Link

Amazon SCS-C01 Quiz:7 Topic:6 Questions:31-35

Free Practice Mock Questions Set 31-35 (Quiz # 7) for Amazon SCS-C01 Exam, according to official Amazon AWS Certified Security - Specialty Exam syllabus topic # 6

Quiz 3

Quiz 4

Quiz 5

Quiz 6

Quiz 7