AWS Certified Security – Specialty Set5

Welcome to AWS Certified Security - Specialty Set5.


1. You are configuring an Elastic Load Balancer for a highly secure environment, which has a strict requirement to secure all network connections end-to-end. How can you avoid exposing your data in plain text at any time?
2. You have an EC2 host in a private subnet which needs to access S3. Which of the following is the most secure way to enable access to the S3 bucket?
3. Which of the following statements is correct in relation to NACLs? (Choose 2)
4. Which of the following would you use to block inbound network traffic from a known IP address range from reaching your VPC subnet?
5. You have 3 VPCs (A, B and C). You have configured VPC peering between VPC A and VPC B, and between VPC A and VPC C. You now have a requirement for instances in VPC B to communicate with VPC C. What should you do?
6. You have a number of instances in a private subnet in your VPC, which need to access the internet. You have added a NAT Gateway to the VPC and added a Security Group rule allowing outbound internet traffic; however, internet access is still not working. What could the problem be?
7. How can you securely enable an EC2 instance in a private subnet to access the internet to download security patches for software running on your instance?
8. Which of the following statements is correct in relation to Security Groups? (Choose 2)
9. How can you enable instances in one VPC to communicate with instances in another VPC without sending traffic across the public internet?
10. Your web application is running a CPU-heavy workload and you want to add a Load Balancer to distribute HTTPS requests across a number of EC2 instances based on headers in the HTTP request. Which of the following options should you select to give the best performance for your application?
11. You have configured a Network ACL to allow outbound access so that all the EC2 instances in your subnet can download application updates over the internet from a trusted third party using port 443. However, your instances are still not able to download any updates. What could the problem be?
12. Which of the following can be accomplished using VPC Flow Logs?
13. You need to access the EC2 instances in your private subnet using SSH. Which of the following is the most secure approach?

