AWS Certified Security Specialty Practice Exam

Sample Questions:

A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user Is planning to host a web server In the pub subnet with port 80 and a Database server in the private subnet with port 3306. The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). which of the below mentioned entries is required in the private subnet database security group DBSecGrp? Please select

Allow Inbound on port 3306 for Source Web Server Security Group WebSecGrp.

Allow Inbound on port 3306 from source 20.0.0.0/16

Allow Outbound on port 3306 for Destination Web Server Security Group WebSecGrp.

Allow Outbound on port 80 for Destination NAT Instance IP

You are planning to use AWS Config to check the configuration of the resources in your AWS account. You are planning on using an existing lAM role and using it for the AWS Config resource. Which of the following 0 required to ensure the AWS config service can work as required? Please select:

Ensure that there is a trust policy in place for the AWS Config service within the role

Ensure that there Is a grant policy In place for the AWS Conflg service within the role

Ensure that there is a user policy in place for the AWS Config service within the role

Ensure that there is a group policy in place for the AWS Config service within the role

Your developer is using the KMS service and an assigned key in their Java program. They get the below erro when running the code arn:aws:iam::1 1374538871 2:user!UserB Is not authorized to perform: kms:DescribeKey Which of the following could help resolve the issue? Please select:

Ensure that User B is given the right lAM role to access the key

Ensure that User B Is given the right permissions In the lAM policy

Ensure that User B is given the right permissions in the Key policy

Ensure that User B is given the right permissions in the Bucket policy

Your company has an external web site. This web site needs to access the objects in an S3 bucket. Which of the following would allow the web site to access the objects in the most secure manner? Please select:

Grant public access for the bucket via the bucket policy

Use the aws:Referer key in the condition clause for the bucket policy

Use the aws:sites key in the condition clause for the bucket policy

Grant a role that can be assumed by the web site

Your IT Security team has identified a number of vulnerabilities across critical EC2 Instances in the company SWS Account. Which would be the easiest way to ensure these vulnerabilities are remediated? Please select

Create AWS Lambda functions to download the updates and patch the servers.

Use AWS CLI commands to download the updates and patch the servers.

Use AWS Inspector to patch the servers

Use AWS Systems Manager to patch the servers