1. A company hosts a critical web application on the AWS(Amazon Web Service) Cloud. This is a key revenue generating application for the company. The IT Security team is worried about potential DDos attacks against the web site. The senior management has also specified that immediate action needs to be taken In case of a potential DDos attack. What should be done In this regard?

A) Consider using the AWS(Amazon Web Service) Shield Service
B) Consider using VPC Flow logs to monitor traffic for Dos attack and quickly take actions on a trigger of a potential attack
C) Consider using Cloud watch logs to monitor traffic for DS attack and quickly take actions on a trigger of a potential attack.
D) Consider using the AWS(Amazon Web Service) Shield Advanced Service



2. Your company has an EC2 Instance hosted in AWS. This EC2 Instance hosts an application. Currently this application Is experiencing a number of issues. You need to inspect the network packets to see what the typ of error that is occurring? Which one of the below steps can help address this issue?

A) Use Cloudwatch metric
B) Use the VPC Flow Logs
C) Use another instance. Setup a port to promiscuous mode? and sniff the traffic to analyze the packets
D) Use a network monitoring tool provided by an AWS(Amazon Web Service) partner.



3. You are planning to use AWS(Amazon Web Service) Config to check the configuration of the resources in your AWS(Amazon Web Service) account. You are planning on using an existing lAM role and using it for the AWS(Amazon Web Service) Config resource. Which of the following 0 required to ensure the AWS(Amazon Web Service) config service can work as required? Please select

A) Ensure that there is a user policy in place for the AWS(Amazon Web Service) Config service within the role
B) Ensure that there Is a grant policy In place for the AWS(Amazon Web Service) Conflg service within the role
C) Ensure that there is a trust policy in place for the AWS(Amazon Web Service) Config service within the role
D) Ensure that there is a group policy in place for the AWS(Amazon Web Service) Config service within the role Your answer Is correct.



4. Your IT Security team has advised to carry out a penetration test on the resources in their company?s AWS(Amazon Web Service) Account. This is as part of their capability to analyze the security of the Infrastructure. What should be done first in this regard? Please select:

A) Turn on VPC Flow Logs and carry out the penetration test
B) Use a custom AWS(Amazon Web Service) Marketplace solution for conducting the penetration test
C) Submit a request to AWS(Amazon Web Service) Support
D) Turn on Cloud trail and carry out the penetration test



5. A company hosts critical data in an S3 bucket. Even though they have assigned the appropriate permissions to the bucket, they are still worried about data deletion. What measures can be taken to restrict the risk of data deletion on the bucket. Choose 2 answers from the options given below(Select 2answers)

A) Enable data at rest for the objects in the bucket
B) Enable versioning on the S3 bucket
C) Enable data in transit for the objects In the bucket
D) Enable MFA Delete in the bucket policy