AWS Certified Security – Specialty Set4

Welcome to AWS Certified Security - Specialty Set4.


1. Under which circumstances would you use a KMS Grant to configure access for a user instead of a Key Policy?
2. Which of the following are valid key rotation options for a CMK which uses imported key material which was generated outside of AWS?
3. You have created a customer managed CMK in us-east-1 region and would like to use it to encrypt data located in eu-west-1, how can you achieve this?
4. Last year, you encrypted a number of files using a CMK that you manage, you now need to access the files. However one of your administrators now tells you that they thought that the CMK was no longer in use so they scheduled it for deletion over a month ago and the key has now been deleted from your account. What can you do to resolve this and get access to your files?
5. Which of the following options are available when you are configuring a Web ACL in AWS WAF? (Choose 3)
6. Which of the following services can you use to block common web exploits like SQL injection and cross-site scripting?
7. Which of the following are valid key rotation options for a customer managed CMK that was generated in KMS?
8. You are running a website on EC2 instances behind an application load balancer. You would like to block any request which come from the following IP address range: which you have identified as malicious. Which of the following approaches could you use to block requests from this IP range? (Choose 2)
9. You would like to temporarily delegate the use of your KMS CMK to another user, which of the following options is the best way to approach this?
10. Which of the following are advantages of importing your own key material into to a CMK? (Choose 2)
11. What is a Policy Condition used for in a Key Policy or IAM Policy?
12. Which of the following are valid key rotation options for an AWS managed CMK?
13. You would like to limit the use of a KMS CMK to requests which originate from S3 only, how would you configure this?


One thought on “AWS Certified Security – Specialty Set4

Leave a Reply

Your email address will not be published. Required fields are marked *