- (Exam Topic 3)
One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.
Please select:

1. A. Take a snapshot of the EBS volume
2. B. Isolate the machine from the network
3. C. Make sure that logs are stored securely for auditing and troubleshooting purpose
4. D. Ensure all passwords for all IAM users are changed
5. E. Ensure that all access kevs are rotated.

Correct Answer: ABC
Some of the important aspects in such a situation are
1) First isolate the instance so that no further security harm can occur on other IAM resources
2) Take a snapshot of the EBS volume for further investigation. This is incase if you need to shutdown the initial instance and do a separate investigation on the data
3) Next is Option C. This indicates that we have already got logs and we need to make sure that it is stored securely so that n unauthorised person can access it and manipulate it.
Option D and E are invalid because they could have adverse effects for the other IAM users. For more information on adopting a security framework, please refer to below URL https://d1 .IAMstatic.com/whitepapers/compliance/NIST Cybersecurity Framework
Note:
In the question we have been asked to take actions to find the culprit and to help the investigation or to further reduce the damage that has happened due to the security breach. So by keeping logs secure is one way of helping the investigation.
The correct answers are: Take a snapshot of the EBS volume. Isolate the machine from the network. Make sure that logs are stored securely for auditing and troubleshooting purpose
Submit your Feedback/Queries to our Experts

- (Exam Topic 2)
A company wants to have an Intrusion detection system available for their VPC in IAM. They want to have complete control over the system. Which of the following would be ideal to implement?
Please select:

1. A. Use IAM WAF to catch all intrusions occurring on the systems in the VPC
2. B. Use a custom solution available in the IAM Marketplace
3. C. Use VPC Flow logs to detect the issues and flag them accordingly.
4. D. Use IAM Cloudwatch to monitor all traffic

Correct Answer: B
Sometimes companies want to have custom solutions in place for monitoring Intrusions to their systems. In such a case, you can use the IAM Marketplace for looking at custom solutions.
C:\Users\wk\Desktop\mudassar\Untitled.jpg

Option A.C and D are all invalid because they cannot be used to conduct intrusion detection or prevention. For more information on using custom security solutions please visit the below URL https://d1.IAMstatic.com/Marketplace/security/IAMMP_Security_Solution%200verview.pdf
For more information on using custom security solutions please visit the below URL: https://d1 .IAMstatic.com/Marketplace/security/IAMMP Security Solution%20Overview.pd1
The correct answer is: Use a custom solution available in the IAM Marketplace Submit your Feedback/Queries to our Experts

- (Exam Topic 4)
A company needs a forensic-logging solution for hundreds of applications running in Docker on Amazon EC2 The solution must perform real-time analytics on the togs must support the replay of messages and must persist the logs.
Which IAM services should be used to meet these requirements? (Select TWO)

1. A. Amazon Athena
2. B. Amazon Kinesis
3. C. Amazon SQS
4. D. Amazon Elasticsearch
5. E. Amazon EMR

Correct Answer: BD

- (Exam Topic 1)
A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2" 16 objects Any encryption key must be generated on a FlPS-validated hardware security module (HSM). The company is cost-conscious, as plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers
When approach MOST efficiently meets the company's needs?

1. A. Use the IAM Encryption SDK and set the maximum age to 10 days and the minimum number of messages encrypted to 3" 16. Use IAM Key Management Service (IAM KMS) to generate the master key and data key Use data key caching with the Encryption SDk during the encryption process.
2. B. Use IAM Key Management Service (IAM KMS) to generate an IAM managed CM
3. C. Then use Amazon S3 client-side encryption configured to automatically rotate with every object
4. D. Use IAM CloudHSM to generate the master key and data key
5. E. Then use Boto 3 and Python to locally encrypt data before uploading the object Rotate the data key every 10 days or after 2" 16 objects have been Uploaded to Amazon 33
6. F. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the master key to automatically rotate.

Correct Answer: A

- (Exam Topic 2)
Which of the following minimizes the potential attack surface for applications?

1. A. Use security groups to provide stateful firewalls for Amazon EC2 instances at the hypervisor level.
2. B. Use network ACLs to provide stateful firewalls at the VPC level to prevent access to any specific IAM resource.
3. C. Use IAM Direct Connect for secure trusted connections between EC2 instances within private subnets.
4. D. Design network security in a single layer within the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) to facilitate quicker responses to threats.

Correct Answer: A
https://IAM.amazon.com/answers/networking/vpc-security-capabilities/ Security Group is stateful and hypervisor level.