1. Your company is planning on hosting its resources on AWS (Amazon Web Services). There is a company policy which mandates that all security keys are completely managed within the company itself. Which of the following is the correct measure for following this policy? Please select:
A) Use the EC2 key pairs that come with AWS
B) Generating the key pairs for the EC2 instances using PuTTYgen
C) Using the AWS KMS service for creation of the keys and the company managing the key lifecycle thereafter
D) Use S3 server-side encryption
2. Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc., be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure. What process will check compliance of the company's EC2 instances?
A) Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance
B) Query the Trusted Advisor API for all best practice security checks and check for 'action recommended' status
C) Trigger an AWS Config Rules evaluation of the restricted-common-ports rule against every EC2 instance
D) Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance
3. Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code:
arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey
Which of the following could help resolve the issue? Please select:
A) Ensure that User B is given the right IAM role to access the key
B) Ensure that User B is given the right permissions in the Bucket policy
C) Ensure that User B is given the right permissions in the IAM policy
D) Ensure that User B is given the right permissions in the Key policy
4. In your LAMP application, you have some developers that say they would like access to your logs. However, since you are using an AWS Auto Scaling group, your instances are constantly being re-created. What would you do to make sure that these developers can access these log files? Choose the correct answer from the options below. Please select:
A) Give read-only access to your developers to the Apache servers
B) Give only the necessary access to the Apache servers so that the developers can gain access to the log files
C) Give root access to your Apache servers to the developers
D) Set up a central logging server that you can use to archive your logs; archive these logs to an S3 bucket for developer access
5. Your company has an external web site. This web site needs to access the objects in an S3 bucket. Which of the following would allow the web site to access the objects in the most secure manner? Please select:
A) Grant public access for the bucket via the bucket policy
B) Use the aws:Referer key in the condition clause for the bucket policy
C) Use the aws:sites key in the condition clause for the bucket policy
D) Grant a role that can be assumed by the web site