AWS-Certified-Security-Specialty Free Practice Test

- (Exam Topic 2)
An organization is using Amazon CloudWatch Logs with agents deployed on its Linux Amazon EC2 instances. The agent configuration files have been checked and the application log files to be pushed are configured correctly. A review has identified that logging from specific instances is missing.
Which steps should be taken to troubleshoot the issue? (Choose two.)

1. A. Use an EC2 run command to confirm that the “awslogs” service is running on all instances.
2. B. Verify that the permissions used by the agent allow creation of log groups/streams and to put log events.
3. C. Check whether any application log entries were rejected because of invalid time stamps by reviewing/var/cwlogs/rejects.log.
4. D. Check that the trust relationship grants the service “cwlogs.amazonaws.com” permission to write objects to the Amazon S3 staging bucket.
5. E. Verify that the time zone on the application servers is in UTC.

Correct Answer: AB
EC2 run command - can run scripts, install software, collect metrics and log files, manage patches and more. Bringing these two services together - can create CloudWatch Events rules that use EC2 Run Command to perform actions on EC2 instances or on-premises servers.

- (Exam Topic 3)
Your IT Security team has identified a number of vulnerabilities across critical EC2 Instances in the company's AWS Account. Which would be the easiest way to ensure these vulnerabilities are remediated?
Please select:

1. A. Create AWS Lambda functions to download the updates and patch the servers.
2. B. Use AWS CLI commands to download the updates and patch the servers.
3. C. Use AWS inspector to patch the servers
4. D. Use AWS Systems Manager to patch the servers

Correct Answer: D
The AWS Documentation mentions the following
You can quickly remediate patch and association compliance issues by using Systems Manager Run Command. You can tat either instance IDs or Amazon EC2 tags and execute the AWS-RefreshAssociation document or the AWS-RunPatchBaseline document. If refreshing the association or re-running the patch baseline fails to resolve the compliance issue, then you need to investigate your associations, patch baselines, or instance configurations to understand why the Run Command executions did not resolve the problem
Options A and B are invalid because even though this is possible, still from a maintenance perspective it would be difficult to maintain the Lambda functions
Option C is invalid because this service cannot be used to patch servers
For more information on using Systems Manager for compliance remediation please visit the below Link: https://docs.aws.amazon.com/systems-manaeer/latest/usereuide/sysman-compliance-fixing.html
The correct answer is: Use AWS Systems Manager to patch the servers Submit your Feedback/Queries to our Experts

- (Exam Topic 2)
During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times.
What could have been done to detect and automatically remediate the incident?

1. A. Using Amazon Inspector, review all of the API calls and configure the inspector agent to leverage SNS topics to notify security of the change to AWS CloudTrail, and revoke the new API keys for the root user.
2. B. Using AWS Config, create a config rule that detects when AWS CloudTrail is disabled, as well as any calls to the root user create-api-ke
3. C. Then use a Lambda function to re-enable CloudTrail logs and deactivate the root API keys.
4. D. Using Amazon CloudWatch, create a CloudWatch event that detects AWS CloudTrail deactivation and a separate Amazon Trusted Advisor check to automatically detect the creation of root API key
5. E. Then use a Lambda function to enable AWS CloudTrail and deactivate the root API keys.
6. F. Using Amazon CloudTrail, create a new CloudTrail event that detects the deactivation of CloudTrail logs, and a separate CloudTrail event that detects the creation of root API key
7. G. Then use a Lambda function to enable CloudTrail and deactivate the root API keys.

Correct Answer: B
https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html

- (Exam Topic 3)
A company uses a third-party application to store encrypted data in Amazon S3. The company uses another third-party application trial decrypts the data from Amazon S3 to ensure separation of duties Between the applications A Security Engineer warns to separate the permissions using IAM roles attached to Amazon EC2 instances. The company prefers to use native AWS services.
Which encryption method will meet these requirements?

1. A. Use encrypted Amazon EBS volumes with Amazon default keys (AWS EBS)
2. B. Use server-side encryption with customer-provided keys (SSE-C)
3. C. Use server-side encryption with AWS KMS managed keys (SSE-KMS)
4. D. Use server-side encryption with Amazon S3 managed keys (SSE-S3)

Correct Answer: C

- (Exam Topic 3)
A company's Security Team received an email notification from the Amazon EC2 Abuse team that one or more of the company's Amazon EC2 instances may have been compromised
Which combination of actions should the Security team take to respond to (be current modem? (Select TWO.)

1. A. Open a support case with the AWS Security team and ask them to remove the malicious code from the affected instance
2. B. Respond to the notification and list the actions that have been taken to address the incident
3. C. Delete all IAM users and resources in the account
4. D. Detach the internet gateway from the VPC remove aft rules that contain 0.0.0.0V0 from the security groups, and create a NACL rule to deny all traffic Inbound from the internet
5. E. Delete the identified compromised instances and delete any associated resources that the Security team did not create.

Correct Answer: DE