AWS-Certified-Security-Specialty Free Practice Test

- (Exam Topic 2)
A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated.
What approach enables the Administrator to search through the logs MOST efficiently?

1. A. Implement a “write-only” CloudTrail event filter to detect any modifications to the AWS account resources.
2. B. Configure Amazon Macie to classify and discover sensitive data in the Amazon S3 bucket that contains the CloudTrail audit logs.
3. C. Configure Amazon Athena to read from the CloudTrail S3 bucket and query the logs to examine account activities.
4. D. Enable Amazon S3 event notifications to trigger an AWS Lambda function that sends an email alarm when there are new CloudTrail API entries.

Correct Answer: C

- (Exam Topic 2)
A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet of 2,000 Internet of Things (IoT) field devices that monitor water quality. These devices each have unique access credentials.
An operational safety policy requires that access to specific credentials is independently auditable. What is the MOST cost-effective way to manage the storage of credentials?

1. A. Use AWS Systems Manager to store the credentials as Secure Strings Parameter
2. B. Secure by using an AWS KMS key.
3. C. Use AWS Key Management System to store a master key, which is used to encrypt the credential
4. D. The encrypted credentials are stored in an Amazon RDS instance.
5. E. Use AWS Secrets Manager to store the credentials.
6. F. Store the credentials in a JSON file on Amazon S3 with server-side encryption.

Correct Answer: A
https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html

- (Exam Topic 2)
A company has a customer master key (CMK) with imported key materials. Company policy requires that all encryption keys must be rotated every year.
What can be done to implement the above policy?

1. A. Enable automatic key rotation annually for the CMK.
2. B. Use AWS Command Line Interface to create an AWS Lambda function to rotate the existing CMK annually.
3. C. Import new key material to the existing CMK and manually rotate the CMK.
4. D. Create a new CMK, import new key material to it, and point the key alias to the new CMK.

Correct Answer: D
https://docs.aws.amazon.com/en_pv/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually
"You might prefer to rotate keys manually so you can control the rotation frequency. It's also a good solution for CMKs that are not eligible for automatic key rotation, such as asymmetric CMKs, CMKs in custom key stores and CMKs with imported key material. Because the new CMK is a different resource from the current CMK, it has a different key ID and ARN. When you change CMKs, you need to update references to the CMK ID or ARN in your applications. Aliases, which associate a friendly name with a CMK, make this process easier. Use an alias to refer to a CMK in your applications. Then, when you want to change the CMK that the application uses, change the target CMK of the alias. To update the target CMK of an alias, use UpdateAlias operation in the AWS KMS API. "

- (Exam Topic 1)
A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the Security Engineer adds an additional statement to the bucket policy to allow read-only access to one other employee Even after updating the policy the employee still receives an access denied message.
What is the likely cause of this access denial?

1. A. The ACL in the bucket needs to be updated.
2. B. The IAM policy does not allow the user to access the bucket
3. C. It takes a few minutes for a bucket policy to take effect
4. D. The allow permission is being overridden by the deny.

Correct Answer: D

- (Exam Topic 3)
A company has a legacy application that outputs all logs to a local text file. Logs from all applications running on AWS must be continually monitored for security related messages.
What can be done to allow the company to deploy the legacy application on Amazon EC2 and still meet the monitoring requirement? Please select:

1. A. Create a Lambda function that mounts the EBS volume with the logs and scans the logs for security incident
2. B. Trigger the function every 5 minutes with a scheduled Cloudwatch event.
3. C. Send the local text log files to CloudWatch Logs and configure a CloudWatch metric filte
4. D. Trigger cloudwatch alarms based on the metrics.
5. E. Install the Amazon inspector agent on any EC2 instance running the legacy applicatio
6. F. Generate CloudWatch alerts a based on any Amazon inspector findings.
7. G. Export the local text log files to CloudTrai
8. H. Create a Lambda function that queries the CloudTrail logs for security ' incidents using Athena.

Correct Answer: B
One can send the log files to Cloudwatch Logs. Log files can also be sent from On-premise servers. You can then specify metrii to search the logs for any specific values. And then create alarms based on these metrics.
Option A is invalid because this will be just a long over drawn process to achieve this requirement Option C is invalid because AWS Inspector cannot be used to monitor for security related messages.
Option D is invalid because files cannot be exported to AWS Cloudtrail
For more information on Cloudwatch logs agent please visit the below URL: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2lnstance.hti
The correct answer is: Send the local text log files to Cloudwatch Logs and configure a Cloudwatch metric filter. Trigger cloudwatch alarms based on the metrics.
Submit your Feedback/Queries to our Experts