- (Exam Topic 3)
An ecommerce website was down for 1 hour following a DDoS attack Users were unable to connect to the website during the attack period. The ecommerce company's security team is worried about future potential attacks and wants to prepare for such events The company needs to minimize downtime in its response to similar attacks in the future.
Which steps would help achieve this9 (Select TWO )

1. A. Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.
2. B. Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack.
3. C. Use VPC Flow Logs to monitor network: traffic and an AWS Lambda function to automatically block an attacker's IP using security groups.
4. D. Set up an Amazon CloudWatch Events rule to monitor the AWS CloudTrail events in real time use AWS Config rules to audit the configuration, and use AWS Systems Manager for remediation.
5. E. Use AWS WAF to create rules to respond to such attacks

Correct Answer: CE

- (Exam Topic 3)
Your company has just started using AWS and created an AWS account. They are aware of the potential issues when root access is enabled. How can they best safeguard the account when it comes to root access? Choose 2 answers fro the options given below
Please select:

1. A. Delete the root access account
2. B. Create an Admin IAM user with the necessary permissions
3. C. Change the password for the root account.
4. D. Delete the root access keys

Correct Answer: BD
The AWS Documentation mentions the following
All AWS accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. Because you cant restrict permissions for root user credentials, we recommend that you delete your root user access keys. Then create AWS Identity and Access Management (IAM) user credentials for everyday interaction with AWS.
Option A is incorrect since you cannot delete the root access account
Option C is partially correct but cannot be used as the ideal solution for safeguarding the account For more information on root access vs admin IAM users, please refer to below URL: https://docs.aws.amazon.com/eeneral/latest/er/root-vs-iam.html
The correct answers are: Create an Admin IAM user with the necessary permissions. Delete the root access keys Submit your Feedback/Queries to our Experts

- (Exam Topic 3)
Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that the containers are secure. Which strategies will reduce the attack surface and enhance the security of the containers? (Select TWO.)

1. A. Use the containers to automate security deployments.
2. B. Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.
3. C. Segregate containers by host, function, and data classification.
4. D. Use Docker Notary framework to sign task definitions.
5. E. Enable container breakout at the host kernel.

Correct Answer: AC

- (Exam Topic 2)
An organization operates a web application that serves users globally. The application runs on Amazon EC2 instances behind an Application Load Balancer. There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF. The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.
The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp; ExampleGame/1.22; Mobile/1.0)
What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?

1. A. Create a rule in AWS WAF rules with conditions that block requests based on the presence of ExampleGame/1.22 in the User-Agent header
2. B. Create a geographic restriction on the CloudFront distribution to prevent access to the application from most geographic regions
3. C. Create a rate-based rule in AWS WAF to limit the total number of requests that the web application services.
4. D. Create an IP-based blacklist in AWS WAF to block the IP addresses that are originating from requests that contain ExampleGame/1.22 in the User-Agent header.

Correct Answer: A
Since all the attack has http header- User-Agent set to string: Mozilla/5.0 (compatible; ExampleCorp;) it would be much more easier to block these attack by simply denying traffic with the header match . HTH ExampleGame/1.22; Mobile/1.0)

- (Exam Topic 1)
A security engineer is designing an incident response plan to address the risk of a compromised Amazon EC2 instance. The plan must recommend a solution to meet the following requirements:
• A trusted forensic environment must be provisioned
• Automated response processes must be orchestrated
Which AWS services should be included in the plan? {Select TWO)

1. A. AWS CloudFormation
2. B. Amazon GuardDuty
3. C. Amazon Inspector
4. D. Amazon Macie
5. E. AWS Step Functions

Correct Answer: AE