New Release SCS-C01 AWS Certified Specialty Questions

Some of the important aspects in such a situation are

1) First isolate the instance so that no further security harm can occur on other IAM resources

2) Take a snapshot of the EBS volume for further investigation. This is incase if you need to shutdown the initial instance and do a separate investigation on the data

3) Next is Option C. This indicates that we have already got logs and we need to make sure that it is stored securely so that n unauthorised person can access it and manipulate it.

Option D and E are invalid because they could have adverse effects for the other IAM users.

For more information on adopting a security framework, please refer to below URL

.IAMstatic.com/whitepapers/compliance/NIST Cybersecurity Framework

Note:

In the question we have been asked to take actions to find the culprit and to help the investigation or to further reduce the damage that has happened due to the security breach. So by keeping logs secure is one way of helping the investigation.

The correct answers are: Take a snapshot of the EBS volume. Isolate the machine from the network. Make sure that logs are stored securely for auditing and troubleshooting purpose

Submit your Feedback/Queries to our Experts

You can use IAM Config to monitor for such Event

Option A is invalid because you cannot set Cloudwatch events based on Trusted Advisor checks.

Option C is invalid Amazon inspector cannot be used to check whether instances are launched from a specific A

Option E is invalid because triggering a CLI command is not the preferred option, instead you should use Lambda functions for all automation purposes.

For more information on Config Rules please see the below Link:

These events can then trigger a lambda function to terminate instances For more information on Cloudwatch events please see the below Link:

(

The correct answers are: Trigger a Lambda function from a scheduled Cloudwatch event that terminates non-compliant infrastructure., Monitor compliance with IAM Config Rules triggered by configuration changes

Submit your Feedback/Queries to our Experts

Your answer is incorrect

Answer -D

The IAM Documentation mentions the following on IAM WAF which can be used to protect Application Load Balancers and Cloud front

A web access control list (web ACL) gives you fine-grained control over the web requests that your Amazon CloudFront distributions or Application Load Balancers respond to. You can allow or block the following types of requests:

Originate from an IP address or a range of IP addresses

Originate from a specific country or countries

Contain a specified string or match a regular expression (regex) pattern in a particular part of requests

Exceed a specified length

Appear to contain malicious SQL code (known as SQL injection)

Appear to contain malicious scripts (known as cross-site scripting)

Option A is invalid because by default Security Groups have the Deny policy

Options B and C are invalid because these services cannot be used to block IP addresses

For information on IAM WAF, please visit the below URL:

The correct answer is: Use IAM WAF to block the IP addresses

Submit your Feedback/Queries to our Experts

IPSec is a widely adopted protocol that can be used to provide end to end protection for data