- (Exam Topic 1)
A security engineer has noticed an unusually high amount of traffic coming from a single IP address. This was discovered by analyzing the Application Load Balancer's access logs. How can the security engineer limit the number of requests from a specific IP address without blocking the IP address?

1. A. Add a rule to the Application Load Balancer to route the traffic originating from the IP address in question and show a static webpage.
2. B. Implement a rate-based rule with AWS WAF
3. C. Use AWS Shield to limit the originating traffic hit rate.
4. D. Implement the GeoLocation feature in Amazon Route 53.

Correct Answer: C

- (Exam Topic 3)
Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that the containers are secure. Which strategies will reduce the attack surface and enhance the security of the containers? (Select TWO.)

1. A. Use the containers to automate security deployments.
2. B. Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.
3. C. Segregate containers by host, function, and data classification.
4. D. Use Docker Notary framework to sign task definitions.
5. E. Enable container breakout at the host kernel.

Correct Answer: AC

- (Exam Topic 3)
Your company has an EC2 Instance hosted in AWS. This EC2 Instance hosts an application. Currently this application is experiencing a number of issues. You need to inspect the network packets to see what the type of error that is occurring? Which one of the below steps can help address this issue?
Please select:

1. A. Use the VPC Flow Logs.
2. B. Use a network monitoring tool provided by an AWS partner.
3. C. Use another instanc
4. D. Setup a port to "promiscuous mode" and sniff the traffic to analyze the packet
5. E. Use Cloudwatch metric

Correct Answer: B

- (Exam Topic 1)
A company has hundreds of AWS accounts, and a centralized Amazon S3 bucket used to collect AWS CloudTrail for all of these accounts. A security engineer wants to create a solution that will enable the company to run ad hoc queues against its CloudTrail logs dating back 3 years from when the trails were first enabled in the company’s AWS account.
How should the company accomplish this with the least amount of administrative overhead?

1. A. Run an Amazon EMP cluster that uses a MapReduce job to be examine the CloudTrail trails.
2. B. Use the events history/feature of the CloudTrail console to query the CloudTrail trails.
3. C. Write an AWS Lambda function to query the CloudTrail trails Configure the Lambda function to be executed whenever a new file is created in the CloudTrail S3 bucket.
4. D. Create an Amazon Athena table that tools at the S3 bucket the CloudTrail trails are being written to Use Athena to run queries against the trails.

Correct Answer: D

- (Exam Topic 1)
An employee accidentally exposed an AWS access key and secret access key during a public presentation. The company Security Engineer immediately disabled the key.
How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused? (Choose two.)

1. A. Analyze AWS CloudTrail for activity.
2. B. Analyze Amazon CloudWatch Logs for activity.
3. C. Download and analyze the IAM Use report from AWS Trusted Advisor.
4. D. Analyze the resource inventory in AWS Config for IAM user activity.
5. E. Download and analyze a credential report from IAM.

Correct Answer: AD
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html