AWS Certified Security - Specialty - Exam Simulator

A company with multiple AWS accounts is using AWS Organizations to manage these accounts. The security team wants to enhance threat detection and incident response across the organization. They plan to implement a centralized logging solution using Amazon CloudWatch Logs and to create custom metric filters that match the patterns of known incidents. When a threat is detected, they want to automate the response by triggering AWS Lambda functions to remediate the issue. To ensure that threat detection events are managed centrally and that appropriate responses are automatically initiated, the team decides to use Amazon EventBridge. Which of the following steps should the security team take to configure integration and incident response using Amazon EventBridge, without adding unnecessary complexity or permissions?

A company is using AWS for their production environment, where they have multiple EC2 instances, S3 buckets and RDS databases in use. They want to aggregate all logs into a central repository for analysis to improve security through better visibility. To automate the process of normalizing, parsing, and correlating these logs for consistent formatting and simplified analysis, they are planning on leveraging AWS services. Which of the following approaches using AWS Lambda is most appropriate for meeting their need to analyze security logs in a cost-effective and scalable way?

A company has deployed its critical application across multiple EC2 instances within a VPC. Recently, there have been reports of atypical network behavior and potential security issues affecting the application's performance. As a security specialist tasked with investigating this issue, you decide to use AWS services to capture and analyze the traffic to and from the affected EC2 instances without impacting their performance or network throughput. Which AWS feature would you use to accomplish this task?

A developer at a company attempted to deploy an application on AWS using an IAM user account. The application needed to write logs to an Amazon S3 bucket; however, the deployment failed with an 'Access Denied' error when trying to write to the bucket. After reviewing the IAM policy attached to the user, the developer discovered that the policy provided the necessary 's3:PutObject' permission for the bucket. Upon further investigation, the developer found no explicit deny in the IAM policy that could have caused the error. Which of the following could be the MOST likely reason for the observed 'Access Denied' error?

A financial services company is migrating its relational database workloads to AWS and has chosen Amazon Aurora as their database service because of its high performance and availability. The company's chief information security officer (CISO) has emphasized the importance of securing sensitive customer data at rest to comply with stringent financial industry regulations. The CISO is considering various encryption options to ensure data confidentiality and integrity. Which encryption technique should be used to meet the company's business requirements for encrypting data at rest in Amazon Aurora?

Your company is utilizing AWS for their critical web application and relies heavily on the AWS network infrastructure for protection against DDoS attacks. You, as a security specialist, have been tasked to ensure that all the AWS accounts under organizational units (OUs) comply with the company's strict security policies, which include DDoS protection for all resources. You need to deploy a solution that automates the application of DDoS protection policies and integrates with AWS Shield Advanced for additional protection. Which AWS service should you implement to meet this requirement while adhering to the security governance domain and ensuring a secure and consistent deployment strategy for cloud resources?