Free AWS Certified Security - Specialty: AWS Certified Security - Specialty Exam Questions and Answers

Last updated: March 29, 2025

1318-AWS Certified Security - Specialty: AWS Certified Security - Specialty

#Question
- (Exam Topic 3) An organization has set up multiple IAM users. The organization wants each IAM user to access the IAM console only from within the organization and not from outside. How can it achieve this? Please select:
A. Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console
B. Configure the EC2 instance security group which allows traffic only from the organization's IP range
C. Create an IAM policy with a condition which denies access when the IP address range is not from the organization
D. Create an IAM policy with the security group and use that security group for AWS console login
Correct Answer: C

#Question
- (Exam Topic 3) A company wants to deploy a distributed web application on a fleet of EC2 instances. The fleet will be fronted by a Classic Load Balancer that will be configured to terminate the TLS connection. The company wants to make sure that all past and current TLS traffic to the Classic Load Balancer stays secure even if the certificate private key is leaked. To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer with:
A. A TCP listener that uses a custom security policy that allows only perfect forward secrecy cipher suites.
B. An HTTPS listener that uses the latest AWS predefined ELBSecurityPolicy-TLS-1-2-2017-01 security policy.
C. An HTTPS listener that uses a custom security policy that allows only perfect forward secrecy cipher suites.
D. An HTTPS listener that uses a certificate that is managed by Amazon Certification Manager.
Correct Answer: B

#Question
- (Exam Topic 3) A company is deploying a new web application on AWS. Based on their other web applications, they anticipate being the target of frequent DDoS attacks. Which steps can the company use to protect their application? Select 2 answers from the options given below. Please select:
A. Use CloudFront and AWS WAF to prevent malicious traffic from reaching the application
B. Use Amazon Inspector on the EC2 instances to examine incoming traffic and discard malicious traffic.
C. Use an ELB Application Load Balancer and Auto Scaling group to scale to absorb application layer traffic.
D. Associate the EC2 instances with a security group that blocks traffic from blacklisted IP addresses.

#Question
- (Exam Topic 3) You have a set of 100 EC2 instances in an AWS account. You need to ensure that all of these instances are patched and kept up to date. All of the instances are in a private subnet. How can you achieve this? Choose 2 answers from the options given below. Please select:
A. Use the AWS Inspector to patch the updates
B. Ensure an internet gateway is present to download the updates
C. Use the Systems Manager to patch the instances
D. Ensure a NAT gateway is present to download the updates

#Question
- (Exam Topic 3) During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed that there are sudo commands that were never properly alerted or reported on the Amazon CloudWatch Logs agent. Why were there no alerts on the sudo commands?
A. The VPC requires that all traffic go through a proxy, and the CloudWatch Logs agent does not support a proxy configuration.
B. CloudWatch Logs status is set to ON versus SECURE, which prevents it from pulling in OS security event logs.
C. The IAM instance profile on the EC2 instance was not properly configured to allow the CloudWatch Logs agent to push the logs to CloudWatch.
D. There is a security group blocking outbound port 80 traffic that is preventing the agent from sending the logs.
Correct Answer: C

#Question
- (Exam Topic 3) A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved? Please select:
A. Use S3 Encryption
B. Use SSL/TLS for encrypting the data
C. Use AWS KMS Customer Default master key
D. Encrypt the EBS volumes of the underlying EC2 Instances
Correct Answer: C

#Question
- (Exam Topic 3) A company wants to ensure that its AWS resources can be launched only in the us-east-1 and us-west-2 Regions. What is the MOST operationally efficient solution that will prevent developers from launching Amazon EC2 instances in other Regions?
A. Attach an SCP that allows all actions when the aws:RequestedRegion condition key is either us-east-1 or us-west-2. Delete the FullAWSAccess policy.
B. Use an organization in AWS Organization
C. Create alerts to detect unauthorized activity outside us-east-1 and us-west-2.
D. Enable Amazon GuardDuty in all Region
Correct Answer: B

FAQ

Q1: What are Amazon Certification Exams? A: Amazon Certification Exams validate your expertise in Amazon Web Services (AWS), covering a range of cloud computing skills, including architecture, development, operations, and data analytics. These certifications demonstrate your proficiency in designing, deploying, and managing applications on the AWS platform.

Q2: Why should I pursue Amazon Certification? A: Amazon Certification enhances your professional credibility, showcasing your skills and knowledge in AWS services. This can lead to better job opportunities, higher salaries, and career advancement in the cloud computing and IT industry.

Q3: What are the benefits of Amazon Certification? A: Benefits include recognition as a certified cloud professional, improved job performance, access to exclusive resources, continuing education opportunities, and staying current with the latest AWS technologies and best practices.

Q4: Who should take Amazon Certification Exams? A: IT professionals, cloud architects, developers, system administrators, data analysts, and anyone involved in designing, implementing, and managing cloud solutions on AWS should consider these certifications to validate their expertise and advance their careers.

Q5: What types of Amazon Certification Exams are available? A: Amazon offers various certification paths, including Foundational Level (AWS Certified Cloud Practitioner), Associate Level (AWS Certified Solutions Architect, AWS Certified Developer, AWS Certified SysOps Administrator), Professional Level (AWS Certified Solutions Architect – Professional, AWS Certified DevOps Engineer – Professional), and Specialty Certifications (Security, Big Data, Advanced Networking, and more).

Q6: How do I prepare for Amazon Certification Exams? A: Preparation can include official AWS training courses, study guides, practice exams, online tutorials, and hands-on experience with AWS services and solutions.

Q7: Where can I take Amazon Certification Exams? A: Amazon Certification Exams can be taken online or at authorized testing centers worldwide, providing flexibility to fit your schedule and location.

Q8: How do Amazon Certifications impact my career? A: Amazon Certifications significantly boost your career by demonstrating your expertise to employers, making you a more competitive candidate for advanced roles and promotions in the cloud computing and IT industry.

Q9: Are there any prerequisites for Amazon Certification Exams? A: Some exams may have prerequisites, such as foundational knowledge or prior certifications. Check the specific requirements for each certification path on the AWS Certification website.

Q10: How often do I need to recertify for Amazon Certifications? A: AWS Certifications typically require recertification every three years to ensure that certified professionals stay updated with the latest AWS technologies and industry practices.
