Home Guides Blogs Your Exams Certifications

    Exam: AWS Certified Security - Specialty

    Total Questions: 210
    Page of

    You need to the merge the POC branch into the default branch. The solution must meet the technical requirements.
    Which command should you run?
    A. git rebase
    B. git merge --squash
    C. git push
    D. git merge --allow-unrelated-histories
    Answer : A The commit history of the POC branch must replace the history of the default branch. Rebasing is the process of moving or combining a sequence of commits to a new base commit. Rebasing is most useful and easily visualized in the context of a feature branching workflow. The general process can be visualized as the following: Note: The primary reason for rebasing is to maintain a linear project history. For example, consider a situation where the main branch has progressed since you started working on a feature branch. You want to get the latest updates to the main branch in your feature branch, but you want to keep your branch's history clean so it appears as if you've been working off the latest main branch. This gives the later benefit of a clean merge of your feature branch back into the main branch. Why do we want to maintain a "clean history"? The benefits of having a clean history become tangible when performing Git operations to investigate the introduction of a regression. Incorrect: Not B: git-merge - Join two or more development histories together. Squash merging is a merge option that allows you to condense the Git history of topic branches when you complete a pull request. Instead of each commit on the topic branch being added to the history of the default branch, a squash merge adds all the file changes to a single new commit on the default branch. Not D: git merge --allow-unrelated-histories By default, git merge command refuses to merge histories that do not share a common ancestor. This option can be used to override this safety when merging histories of two projects that started their lives independently. As that is a very rare occasion, no configuration variable to enable this by default exists and will not be added.

    You have an Ec2 Instance in a private subnet which needs to access the KMS service. Which of the following methods can help fulfil this requirement, keeping
    security in perspective
    Please select:

    A. Use a VPC endpoint
    B. Attach an Internet gateway to the subnet
    C. Attach a VPN connection to the VPC
    D. Use VPC Peering
    Answer: A

    An application running on EC2 instances must use a username and password to access a database. The developer has stored those secrets in the SSM
    Parameter Store with type SecureString using the default KMS CMK. Which combination of configuration steps will allow the application to access the secrets via
    the API? Select 2 answers from the options below
    Please select:

    A. Add the EC2 instance role as a trusted service to the SSM service role.
    B. Add permission to use the KMS key to decrypt to the SSM service role.
    C. Add permission to read the SSM parameter to the EC2 instance role..
    D. Add permission to use the KMS key to decrypt to the EC2 instance role
    E. Add the SSM service role as a trusted service to the EC2 instance rol
    Answer: CD

    You have a 2 tier application hosted in AWS. It consists of a web server and database server (SQL Server) hosted on separate EC2 Instances. You are devising
    the security groups for these EC2 Instances. The Web tier needs to be accessed by users across the Internet. You have created a web security group(wg-123)
    and database security group(db-345). Which combination of the following security group rules will allow the application to be secure and functional. Choose 2
    answers from the options given below.
    Please select:

    A. wg-123 -Allow ports 80 and 443 from 0.0.0.0/0
    B. db-345 - Allow port 1433 from wg-123
    C. wg-123 - Allow port 1433 from wg-123
    D. db-345 -Allow ports 1433 from 0.0.0.0/0
    Answer: AB

    You want to get a list of vulnerabilities for an EC2 Instance as per the guidelines set by the Center of Internet Security. How can you go about doing this?
    Please select:

    A. Enable AWS Guard Duty for the Instance
    B. Use AWS Trusted Advisor
    C. Use AWS inspector
    D. UseAWSMacie
    Answer: C

    You have enabled Cloudtrail logs for your company's AWS account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How
    can this be achieved?
    Please select:

    A. Enable SSL certificates for the Cloudtrail logs
    B. There is no need to do anything since the logs will already be encrypted
    C. Enable Server side encryption for the trail
    D. Enable Server side encryption for the destination S3 bucket
    Answer: B

    Your development team has started using AWS resources for development purposes. The AWS account has just been created. Your IT Security team is worried
    about possible leakage of AWS keys. What is the first level of measure that should be taken to protect the AWS account.
    Please select:

    A. Delete the AWS keys for the root account
    B. Create 1AM Groups
    C. Create 1AM Roles
    D. Restrict access using 1AM policies
    Answer: A

    Which of the following is used as a secure way to log into an EC2 Linux Instance? Please select:

    A. 1AM User name and password
    B. Key pairs
    C. AWS Access keys
    D. AWS SDK keys
    Answer: B

    A company requires that data stored in AWS be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options
    given below.
    Please select:

    A. When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.
    B. When storing data in EBS, encrypt the volume by using AWS KMS.
    C. When storing data in Amazon S3, use object versioning and MFA Delete.
    D. When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.
    E. When storing data in S3, enable server-side encryptio
    Answer: BE

    Your company has a set of 1000 EC2 Instances defined in an AWS Account. They want to effectively automate several administrative tasks on these instances.
    Which of the following would be an effective way to achieve this?
    Please select:

    A. Use the AWS Systems Manager Parameter Store
    B. Use the AWS Systems Manager Run Command
    C. Use the AWS Inspector
    D. Use AWS Config
    Answer: B
    Back View All Questions