AWS Certified Security – Specialty Set 7

Welcome to AWS Certified Security - Specialty Set 7.


1. You have configured a Lambda function to deal with unauthorized EC2 instances by terminating them immediately. A number of unauthorized EC2 instances were created in your account over the weekend, which triggered a number of CloudWatch Events. However, by Monday morning, these instances are still running and have not been terminated. What could be the reason for this? (Choose 2)
2. Which of the following policies would you use to define which AWS resources are permitted to invoke a Lambda function?
3. You are trying to configure Active Directory Federation to allow your AD users to access your AWS resources. You cannot get it to work as expected. You are reviewing the CloudTrail Logs to check which STS API calls are being made. Which STS API call should you look out for?
4. Your Lambda function is completing successfully and returning a status code of 200; however, no logs are appearing in CloudWatch Logs. What could be the problem?
5. You are trying to create a public subnet in your VPC. You have added an Internet Gateway and configured the relevant Security Groups and Network ACLs; however, you are still unable to access any of the web servers in your subnet over the internet. What could be the problem?
6. Your S3 bucket policy allows your IAM user account full access to all S3 resources; however, when you try to delete an object from the bucket, you are unable to do so. What could the problem be?
7. You have written a Lambda function designed to attach a restrictive IAM policy denying access to create EC2 instances to any user found to be creating unauthorized Internet Gateways in your secure VPC. However, during testing you find that the function doesn't work as expected and the user's permissions remain the same. Which of the following would you do to investigate this?
8. Which of the following must be in place in order for an EC2 instance to successfully send logs to CloudWatch Logs? (Choose 2)
9. You are attempting to decrypt a file which you have already successfully encrypted using your CMK; however, when you try to decrypt it, you are not authorized to do so. Which policy should you check?
10. You are trying to configure cross-account access to enable your development team to access S3 objects in your production account. However, when one of your developers performs a test, they are not able to access the objects. What could the problem be? (Choose 2)
11. You have configured a new VPC with a private subnet, added a NAT Gateway, and configured the subnet route table to route all internet traffic via the NAT Gateway. However, when you try to run a yum update, none of your instances are able to reach the internet. What could be the problem?
12. You are logged into the AWS console and are attempting to access the CloudWatch dashboard; however, you are not able to do so. What could the problem be?
