A company needs to use HTTPS when connecting to its web applications to meet compliance requirements.
These web applications run in Amazon VPC on Amazon EC2 instances behind an Application Load Balancer
(ALB). A security engineer wants to ensure that the load balancer win only accept connections over port 443. even if the ALB is mistakenly configured with an HTTP listener
Which configuration steps should the security engineer take to accomplish this task?
A company uses a third-party identity provider and SAML-based SSO for its AWS accounts. After the
third-party identity provider renewed an expired signing certificate, users saw the following message when
trying to log in:
Error: Response Signature Invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code:
InvalidldentityToken)
A security engineer needs to provide a solution that corrects the error and min-imizes operational overhead.
Which solution meets these requirements?
A company manages multiple IAM accounts using IAM Organizations. The company's security team notices
that some member accounts are not sending IAM CloudTrail logs to a centralized Amazon S3 logging bucket.
The security team wants to ensure there is at least one trail configured (or all existing accounts and for any
account that is created in the future.
Which set of actions should the security team implement to accomplish this?
A security team is working on a solution that will use Amazon EventBridge (Amazon CloudWatch Events) to
monitor new Amazon S3 objects. The solution will monitor for public access and for changes to any S3 bucket
policy or setting that result in public access. The security team configures EventBridge to watch for specific
API calls that are logged from AWS CloudTrail. EventBridge has an action to send an email notification
through Amazon Simple Notification Service (Amazon SNS) to the security team immediately with details of
the API call.
Specifically, the security team wants EventBridge to watch for the s3:PutObjectAcl, s3:DeleteBucketPolicy,
and s3:PutBucketPolicy API invocation logs from CloudTrail. While developing the solution in a single
account, the security team discovers that the s3:PutObjectAcl API call does not invoke an EventBridge event.
However, the s3:DeleteBucketPolicy API call and the s3:PutBucketPolicy API call do invoke an event.
The security team has enabled CloudTrail for AWS management events with a basic configuration in the AWS
Region in which EventBridge is being tested. Verification of the EventBridge event pattern indicates that the
pattern is set up correctly. The security team must implement a solution so that the s3:PutObjectAcl API call
will invoke an EventBridge event. The solution must not generate false notifications.
Which solution will meet these requirements?
Quickly grab our SCS-C02 product now and kickstart your exam preparation today!
Name: | AWS Certified Security Specialty |
Exam Code: | SCS-C02 |
Certification: | AWS Certified Specialty |
Vendor: | Amazon |
Total Questions: | 481 |
Last Updated: | Apr 22, 2024 |
© Copyright https://certsexpert.com 2015- 2024, All Rights Are Reserved.