AWS Certified Security – Specialty Set2

Welcome to AWS Certified Security - Specialty Set2.


1. Which of the following IAM Policies can you change to update them when the needs of your organization change? (Choose 2)
2. Which feature of AWS would you use to configure consolidated billing, group your AWS accounts into logical groupings for access control and attach Service Control Policies?
3. What is meant by the "principal" in relation to AWS and permissions?
4. Last week you created a Vault Lock Policy to prevent archived files from being deleted unless they are over 2 years old. But now your CTO has changed their mind and only wants to keep the archives for 1 year. What is your recommended approach?
5. How would you go about enforcing a mandatory 5 year retention policy on your Glacier archives?
6. You would like to give a user temporary access to a single object in your S3 bucket. Which of the following is the most secure way to do this?
7. Which of the following does AWS IAM enable you to do? (Choose 4)
8. The AWS STS API supports which of the following methods of access? (Choose 3)
9. You have created an S3 bucket policy which denies access to all users. Later on you add an additional statement to the bucket policy to allow read-only access to one of your colleagues. However, even after updating the policy, your colleague is still getting an access denied message. What is the reason for this?
10. Which kind of AWS IAM Policy would you use if you strictly want to attach the policy to a single user and be certain that it cannot be accidentally attached to any other user?
11. You would like to restrict access to S3 across a number of different AWS accounts in your organization. Which AWS feature can you use to do this?
12. Which of the following is correct in relation to Service Control Policies? (Choose 2)
13. Which of the following policies work in combination to define who or what can access an S3 bucket? (Choose 2)
14. Which of the following steps would you need to complete in order to configure Cross Region Replication where source and destination buckets are owned by different accounts?
15. Which of the following policy types is created and managed completely by AWS?
16. The root administrator has left your company. What should you do to ensure your AWS account is secure? (Choose 4)
17. Which of the following best describes a Glacier Vault?
18. You are configuring a CloudFront web distribution for your website hosted in S3. Your marketing team has already purchased a registered domain name that they would like to use for the new website. Which kind of SSL certificate would you use in this configuration?
19. Which of the following approaches would you use to enable an application running on EC2 to read objects located in an S3 bucket?
20. Which of the following can you achieve using Amazon Cognito? (Choose 2)
21. You have created a website hosted in S3 and configured a CloudFront web distribution. Which steps do you need to take to force your users to access your site using CloudFront and not directly using the S3 URL? (Choose 3)
22. Which of the following mechanisms would you use to apply fine-grained permissions on an object in S3?
23. What is a permissions boundary used for?
24. Which of the following would you use to define the IAM permissions which specify what can be done and what actions can be taken against resources in your AWS environment?
25. You have created a new S3 bucket and you want to force users to use HTTPS when uploading objects to your bucket. Which approach should you use?
26. Which of the following statements is correct in relation to user federation with Active Directory? (Choose 2)
27. Which of the following statements is correct in relation to S3 cross-region replication?
28. To which of the following entities can you attach an IAM Policy? (Choose 2)
29. Which of the following types of IAM Policy is created and administered by you and can be attached to multiple users, groups or roles within your account?
30. Which AWS API gets called when a user accesses AWS using their Active Directory credentials?
31. You have configured Cross Region Replication on your S3 bucket and would like to enforce the use of SSL. How would you approach this?
32. You have created a new user and given them the following IAM permissions: s3:Get* and s3:List* for all S3 resources. Which of the following statements is correct? (Choose 2)
33. Which four things are returned by GetFederationToken when a user successfully logs in to AWS using their Active Directory credentials?

