Amazon AWS Certified Security - Specialty - AWS-Security-Specialty FREE EXAM DUMPS QUESTIONS & ANSWERS

A. Put thp metadata in thp S3 hurkpf itself. B. Put the metadata in a DynamoDB table and ensure the table is encrypted during creation time. C. Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server side encryption. D. Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server KMS encryption.

A. Use S3 Encryption B. Encrypt the EBS volumes of the underlying EC2 Instances C. Use SSL/TLS for encrypting the data D. Use IAM KMS Customer Default master key

A. Use KMS keys with the right permissions to interact with DynamoDB and assign it to the EC2 Instance B. Use IAM Access Keys with the right permissions to interact with DynamoDB and assign it to the EC2 Instance C. Use IAM Roles with permissions to interact with DynamoDB and assign it to the EC2 Instance D. Use IAM Access Groups with the right permissions to interact with DynamoDB and assign it to the EC2 Instance

A. Enable Amazon Inspector and configure it to scan all Regions for the CIS IAM Foundations Benchmarks. Then enable IAM Security Hub and configure it to ingest the Amazon Inspector findings B. Enable Amazon Inspector and configure it to scan all Regions for the CIS IAM Foundations Benchmarks. Then enable IAM Shield in all Regions to protect the account from DDoS attacks. C. Enable IAM Config and set it to record all resources in all Regions and global resources. Then enable IAM Security Hub and confirm that the CIS IAM Foundations compliance standard is enabled D. Enable IAM Config and set it to record all resources in all Regions and global resources Then enable Amazon Inspector and configure it to enforce CIS IAM Foundations Benchmarks using IAM Config rules.

A. Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances. B. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection between the load balancer and the EC2 instances. C. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn and SSL connection between the load balancer and the EC2 instances. D. Create an HTTPS listener using an Application Load Balancer, and route all of the communication through that load balancer.

A. Enable IAM Systems Manager in the IAM Management Console and configure for access to EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM user policies to allow development team access to the Systems Manager Session Manager and attach to the team's IAM users. B. Enable IAM Systems Manager in the IAM Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM policies to allow development team access to the EC2 console and attach to the teams IAM users. C. Enable console SSH access in the EC2 console. Configure IAM user policies to allow development team access to the IAM Systems Manager Session Manager and attach to the development team's IAM users. D. Enable IAM Systems Manager in the IAM Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure a security group that allows SSH port 22 from all published IP addresses. Configure IAM user policies to allow development team access to the IAM Systems Manager Session Manager and attach to the team's IAM users.

A. Update the existing bucket policy in the Amazon S3 console to allow the security engineers principal to perform GetBucketPolicy, and then update the log file prefix in the CloudTrail console B. Update the existing bucket policy in the Amazon S3 console with the new log file prefix, and then update the log file prefix in the CloudTrail console. C. Create a new trail with the updated log file prefix, and then delete the original nail Update the existing bucket policy in the Amazon S3 console with the new log the prefix, and then update the log file prefix in the CloudTrail console D. Update the existing bucket policy in the Amazon S3 console to allow the security engineers principal to perform PutBucketPolicy. and then update the log file prefix in the CloudTrail console

A. The IAM instance profile that is attached to the EC2 instance does not allow the s3 ListBucket action to the S3: bucket in the AWS accounts. B. The KMS key policy that encrypts the object in the S3 bucket does not allow the kms; ListKeys action to the EC2 instance profile ARN. C. The I AM instance profile that is attached to the EC2 instance does not allow the s3 ListParts action to the S3; bucket in the AWS accounts. D. The KMS key policy that encrypts the object in the S3 bucket does not allow the kms Decrypt action to the EC2 instance profile ARN. E. The security group that is attached to the EC2 instance is missing an inbound rule from the S3 managed prefix list over port 443. F. The security group that is attached to the EC2 instance is missing an outbound rule to the S3 managed prefix list over port 443.