Latest January 2024 Amazon AWS-Security-Specialty Question Set, Updated with 592 Questions [Q234-Q256]


Valid AWS-Security-Specialty practice test questions, with free PDF download


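The AWS Certified Security - Specialty certification is recognized by employers worldwide as a mark of excellence in AWS security. It shows that an individual has a deep understanding of the overall AWS security landscape and can design and implement security solutions that meet AWS best practices. As cloud security grows in importance, this certification is an excellent way for IT professionals to improve their career prospects and stay up to date with the latest security trends and technologies. By passing the Amazon SCS-C01 exam, individuals also gain access to exclusive AWS resources and communities related to cloud security.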


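The SCS-C01 certification exam consists of 65 multiple-choice and multiple-response questions, and candidates must complete the exam within 170 minutes. The exam is available in multiple languages, including English, Japanese, Simplified Chinese, and Korean. Candidates who pass the exam earn the AWS Certified Security - Specialty certification, which is valid for three years.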

 

Question # 234
A website currently runs on Amazon EC2, with mostly static content on the site. Recently, the site was subjected to a DDoS attack, and a security engineer was asked to redesign the edge security to help mitigate this risk in the future.
What are some ways the engineer could achieve this? (Select THREE.)

  • A. Use Amazon Route 53 to distribute traffic.
  • B. Use Amazon Inspector assessment templates to inspect the inbound traffic.
  • C. Change the security group configuration to block the source of the attack traffic.
  • D. Use AWS WAF security rules to inspect the inbound traffic.
  • E. Use AWS X-Ray to inspect the traffic going to the EC2 instances.
  • F. Move the static content to Amazon S3, and front this with an Amazon CloudFront distribution.

Correct answer: A, D, F


Question # 235
A Systems Engineer has been tasked with configuring outbound mail through Simple Email Service (SES) and requires compliance with current TLS standards.
The mail application should be configured to connect to which of the following endpoints and corresponding ports?

  • A. email-imap.us-east-1.amazonaws.com over port 993
  • B. email-smtp.us-east-1.amazonaws.com over port 587
  • C. email.us-east-1.amazonaws.com over port 8080
  • D. email-pop3.us-east-1.amazonaws.com over port 995

Correct answer: B

Explanation:
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-connect.html


Question # 236
A company has several Customer Master Keys (CMKs), some of which have imported key material. Each CMK must be rotated annually.
What two methods can the security team use to rotate each key? Select 2 answers from the options given below.
Please select:

  • A. Delete an existing CMK and a new default CMK will be created.
  • B. Use the CLI or console to explicitly rotate an existing CMK
  • C. Enable automatic key rotation for a CMK
  • D. Import new key material to an existing CMK
  • E. Import new key material to a new CMK; Point the key alias to the new CMK.

Correct answer: C, E

Explanation:
The AWS documentation mentions the following:
Automatic key rotation is available for all customer managed CMKs with KMS-generated key material. It is not available for CMKs that have imported key material (the value of the Origin field is External), but you can rotate these CMKs manually.
Rotating Keys Manually
You might want to create a new CMK and use it in place of a current CMK instead of enabling automatic key rotation. When the new CMK has different cryptographic material than the current CMK, using the new CMK has the same effect as changing the backing key in an existing CMK. The process of replacing one CMK with another is known as manual key rotation.
When you begin using the new CMK, be sure to keep the original CMK enabled so that AWS KMS can decrypt data that the original CMK encrypted. When decrypting data, KMS identifies the CMK that was used to encrypt the data, and it uses the same CMK to decrypt the data. As long as you keep both the original and new CMKs enabled, AWS KMS can decrypt any data that was encrypted by either CMK.
Option B is invalid because you also need to point the key alias to the new key.
Option C is invalid because existing CMK keys cannot be rotated as they are.
Option E is invalid because deleting existing keys will not guarantee the creation of a new default CMK key.
For more information on key rotation, please see the link below:
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
The correct answers are: Enable automatic key rotation for a CMK, Import new key material to a new CMK; Point the key alias to the new CMK.


Question # 237
An employee accidentally exposed an AWS access key and secret access key during a public presentation. The company Security Engineer immediately disabled the key.
How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused?
(Choose two.)

  • A. Download and analyze a credential report from IAM.
  • B. Analyze Amazon CloudWatch Logs for activity.
  • C. Download and analyze the IAM Use report from AWS Trusted Advisor.
  • D. Analyze AWS CloudTrail for activity.
  • E. Analyze the resource inventory in AWS Config for IAM user activity.

Correct answer: A, D


Question # 238
A company has several critical applications running on a large fleet of Amazon EC2 instances. As part of a security operations review, the company needs to apply a critical operating system patch to EC2 instances within 24 hours of the patch becoming available from the operating system vendor. The company does not have a patching solution deployed on AWS, but does have AWS Systems Manager configured. The solution must also minimize administrative overhead.
What should a security engineer recommend to meet these requirements?

  • A. Use an AWS Systems Manager Patch Manager predefined baseline to patch affected instances.
  • B. Use the AWS Systems Manager Run Command to patch affected instances.
  • C. Create an AWS Config rule defining the patch as a required configuration for EC2 instances.
  • D. Use AWS Systems Manager Session Manager to log in to each affected instance and apply the patch.

Correct answer: B


Question # 239
A company has multiple VPCs in their account that are peered, as shown in the diagram. A Security Engineer wants to perform penetration tests of the Amazon EC2 instances in all three VPCs.
How can this be accomplished? (Choose two.)

  • A. Create a VPN connection from the data center to each of the three VPCs. Use an on-premises scanning engine to scan the instances in each VPC. Complete the penetration test request form for all three VPCs.
  • B. Create a VPN connection from the data center to each of the three VPCs. Use an on-premises scanning engine to scan the instances in each VPC. Do not complete the penetration test request form.
  • C. Deploy a pre-authorized scanning engine from the Marketplace into each VPC, and scan instances in each VPC from the scanning engine in that VPC. Do not complete the penetration test request form.
  • D. Deploy a pre-authorized scanning engine from the AWS Marketplace into VPC B, and use it to scan instances in all three VPCs. Do not complete the penetration test request form.
  • E. Create a VPN connection from the data center to VPC A. Use an on-premises scanning engine to scan the instances in all three VPCs. Complete the penetration test request form for all three VPCs.

Correct answer: B, C


Question # 240
A company has a requirement to create a DynamoDB table. The company's software architect has provided the following CLI command for the DynamoDB table:

Which of the following has been taken care of from a security perspective in the above command?
Please select:

  • A. The right throughput has been specified from a security perspective
  • B. Since the ID is hashed, it ensures security of the underlying table.
  • C. The above command ensures data encryption at rest for the Customer table
  • D. The above command ensures data encryption in transit for the Customer table

Correct answer: C

Explanation:
The above command with the "--sse-specification Enabled=true" parameter ensures that the data for the DynamoDB table is encrypted at rest.
Options A, C and D are all invalid because this command is specifically used to ensure data encryption at rest.
For more information on DynamoDB encryption, please visit the URL:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.tutorial.html
The correct answer is: The above command ensures data encryption at rest for the Customer table


Question # 241
A company wishes to enable Single Sign On (SSO) so its employees can log in to the management console using their corporate directory identity. Which steps below are required as part of the process? Select 2 answers from the options given below.
Please select:

  • A. Create IAM policies that can be mapped to group memberships in the corporate directory.
  • B. Create a Lambda function to assign IAM roles to the temporary security tokens provided to the users.
  • C. Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider (IdP)
  • D. Create a Direct Connect connection between on-premise network and AWS. Use an AD connector for connecting AWS with on-premise active directory.
  • E. Create IAM users that can be mapped to the employees' corporate identities

Correct answer: C, D

Explanation:
Create a Direct Connect connection so that corporate users can access the AWS account.
Option B is incorrect because IAM policies are not directly mapped to group memberships in the corporate directory. It is IAM roles which are mapped.
Option C is incorrect because a Lambda function is an incorrect option to assign roles.
Option D is incorrect because IAM users are not directly mapped to employees' corporate identities.
For more information on Direct Connect, please refer to the URL below:
https://aws.amazon.com/directconnect/
From the AWS documentation, for federated access, you also need to ensure the right policy permissions are in place:
Configure permissions in IAM for your federated users
The next step is to create an IAM role that establishes a trust relationship between IAM and your organization's IdP that identifies your IdP as a principal (trusted entity) for purposes of federation. The role also defines what users authenticated by your organization's IdP are allowed to do in IAM. You can use the IAM console to create this role. When you create the trust policy that indicates who can assume the role, you specify the SAML provider that you created earlier in IAM along with one or more SAML attributes that a user must match to be allowed to assume the role. For example, you can specify that only users whose SAML eduPersonOrgDN value is ExampleOrg are allowed to sign in. The role wizard automatically adds a condition to test the saml:aud attribute to make sure that the role is assumed only for sign-in to the AWS Management Console. The trust policy for the role might look like this:

For more information on SAML federation, please refer to the URL below:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enabli
Note:
What directories can I use with AWS SSO?
You can connect AWS SSO to Microsoft Active Directory, running either on-premises or in the AWS Cloud. AWS SSO supports AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector. AWS SSO does not support Simple AD. See AWS Directory Service Getting Started to learn more.
To connect to your on-premises directory with AD Connector, you need the following:
VPC
Set up a VPC with the following:
* At least two subnets. Each of the subnets must be in a different Availability Zone.
* The VPC must be connected to your on-premises network through a virtual private network (VPN) connection or AWS Direct Connect.
* The VPC must have default hardware tenancy.
* https://aws.amazon.com/single-sign-on/
* https://aws.amazon.com/single-sign-on/faqs/
* https://aws.amazon.com/bloj using-corporate-credentials/
* https://docs.aws.amazon.com/directoryservice/latest/admin-
The correct answers are: Create a Direct Connect connection between on-premise network and AWS. Use an AD connector for connecting AWS with on-premise active directory. Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider (IdP)


Question # 242
You want to ensure that you keep a check on the Active EBS Volumes, Active snapshots and Elastic IP addresses you use so that you don't go beyond the service limit. Which of the below services can help in this regard?
Please select:

  • A. AWS Trusted Advisor
  • B. Amazon EC2
  • C. Amazon SNS
  • D. Amazon CloudWatch

Correct answer: A

Explanation:
Below is a snapshot of the service limits that the Trusted Advisor can monitor

Option A is invalid because even though you can monitor resources, it cannot be checked against the service limit.
Option B is invalid because this is the Elastic Compute Cloud service.
Option D is invalid because it can send notifications but not check on service limits.
For more information on the Trusted Advisor monitoring, please visit the URL below:
https://aws.amazon.com/premiumsupport/ta-faqs
The correct answer is: AWS Trusted Advisor


Question # 243
A company has a set of EC2 Instances hosted in AWS. The EC2 Instances have EBS volumes which are used to store critical information. There is a business continuity requirement to ensure high availability for the EBS volumes. How can you achieve this?

  • A. Use EBS volume encryption
  • B. Use EBS volume replication
  • C. Use lifecycle policies for the EBS volumes
  • D. Use EBS Snapshots

Correct answer: D

Explanation:
Data stored in Amazon EBS volumes is redundantly stored in multiple physical locations as part of normal operation of those services and at no additional charge. However, Amazon EBS replication is stored within the same availability zone, not across multiple zones; therefore, it is highly recommended that you conduct regular snapshots to Amazon S3 for long-term data durability.
Option A is invalid because there is no lifecycle policy for EBS volumes.
Option C is invalid because there is no EBS volume replication.
Option D is invalid because EBS volume encryption will not ensure business continuity.
For information on security for Compute Resources, please visit the URL below:
https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf


Question # 244
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards.
Which of the following actions should the Engineer perform to get further guidance?

  • A. Run AWS Config and evaluate the configuration outputs.
  • B. Use AWS Artifact to access AWS compliance reports.
  • C. Read the AWS Customer Agreement.
  • D. Post the question on the AWS Discussion Forums.

Correct answer: B


Question # 245
Your company has a set of 1000 EC2 Instances defined in an AWS account. They want to effectively automate several administrative tasks on these instances. Which of the following would be an effective way to achieve this?
Please select:

  • A. Use the AWS Systems Manager Run Command
  • B. Use the AWS Systems Manager Parameter Store
  • C. Use Amazon Inspector
  • D. Use AWS Config

Correct answer: A

Explanation:
The AWS documentation mentions the following:
AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS console, the AWS Command Line Interface, AWS Tools for Windows PowerShell, or the AWS SDKs. Run Command is offered at no additional cost.
Option A is invalid because this service is used to store parameters.
Option C is invalid because this service is used to scan vulnerabilities in an EC2 Instance.
Option D is invalid because this service is used to check for configuration changes.
For more information on executing remote commands, please visit the URL below:
https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html
The correct answer is: Use the AWS Systems Manager Run Command


Question # 246
Your development team is using access keys to develop an application that has access to S3 and DynamoDB.
A new security policy has outlined that the credentials should not be older than 2 months, and should be rotated. How can you achieve this?
Please select:

  • A. Use a script to query the creation date of the keys. If older than 2 months, create a new access key and update all applications to use it, then inactivate the old key and delete it.
  • B. Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.
  • C. Use the application to rotate the keys in every 2 months via the SDK
  • D. Delete the user associated with the keys after every 2 months. Then recreate the user again.

Correct answer: A

Explanation:
One can use the CLI command list-access-keys to get the access keys. This command also returns the "CreateDate" of the keys. If the CreateDate is older than 2 months, then the keys can be deleted.
The list-access-keys CLI command returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list.
Option A is incorrect because you might as well use a script for such maintenance activities.
Option C is incorrect because you would not rotate the users themselves.
Option D is incorrect because you don't use IAM roles for such a purpose.
For more information on the CLI command, please refer to the link below:
http://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html
The correct answer is: Use a script to query the creation date of the keys. If older than 2 months, create a new access key and update all applications to use it, then inactivate the old key and delete it.


Question # 247
Your company is planning on using bastion hosts for administering the servers in AWS. Which of the following is the best description of a bastion host from a security perspective?
Please select:

  • A. A Bastion host should maintain extremely tight security and monitoring as it is available to the public. A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
  • B. A Bastion host sits on the outside of an internal network and is used as a gateway into the private network and is considered the critical strong point of the network
  • C. A Bastion host should be on a private subnet and never a public subnet due to security concerns
  • D. Bastion hosts allow users to log in using RDP or SSH and use that session to SSH into internal network to access private subnet resources.

Correct answer: D

Explanation:
In AWS, a bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets.
Options A and B are invalid because the bastion host needs to sit on the public network.
Option D is invalid because bastion hosts are not used for monitoring.
For more information on bastion hosts, just browse to the URL below:
https://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html
The correct answer is: Bastion hosts allow users to log in using RDP or SSH and use that session to SSH into internal network to access private subnet resources.


Question # 248
A Security Engineer has discovered that, although encryption was enabled on the Amazon S3 bucket examplebucket, anyone who has access to the bucket has the ability to retrieve the files. The Engineer wants to limit access so that each IAM user can access an assigned folder only.
What should the Security Engineer do to achieve this?

  • A. Change the applicable IAM policy to grant S3 access to "Resource": "arn:aws:s3:::examplebucket/${aws:username}/*"
  • B. Create a customer-managed CMK with a key policy granting "kms:Decrypt" based on the "${aws:username}" variable.
  • C. Use envelope encryption with the AWS-managed CMK aws/s3.
  • D. Create a customer-managed CMK for each user. Add each user as a key user in their corresponding key policy.

Correct answer: B


Question # 249
A company developed an incident response plan 18 months ago. Regular implementations of the response plan are carried out. No changes have been made to the response plan since its creation.
Which of the following is a correct statement with regard to the plan?
Please select:

  • A. The response plan is complete in its entirety
  • B. The response plan does not cater to new services
  • C. It places too much emphasis on already implemented security controls.
  • D. The response plan is not implemented on a regular basis

Correct answer: B

Explanation:
So definitely the case here is that the incident response plan is not catering to newly created services. AWS keeps on changing and adding new services and hence the response plan must cater to these new services.
Options A and B are invalid because we don't know this for a fact.
Option D is invalid because we know that the response plan is not complete, because it does not cater to new features of AWS.
For more information on incident response plans, please visit the following URL:
https://aws.amazon.com/blogs/publicsector/building-a-cloud-specific-incident-response-plan/
The correct answer is: The response plan does not cater to new services


Question # 250
A Security Engineer has launched multiple Amazon EC2 instances from a private AMI using an AWS CloudFormation template. The Engineer notices instances terminating right after they are launched.
What could be causing these terminations?

  • A. AWS currently does not have sufficient capacity in the Region.
  • B. The IAM user launching those instances is missing ec2:RunInstances permission.
  • C. The AMI used is encrypted and the IAM user does not have the required AWS KMS permissions.
  • D. The instance profile used with the EC2 instances is unable to query instance metadata.

Correct answer: C

Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/troubleshooting-launch.html


Question # 251
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards.
Which of the following actions should the Engineer perform to get further guidance?

  • A. Run AWS Config and evaluate the configuration outputs.
  • B. Use AWS Artifact to access AWS compliance reports.
  • C. Read the AWS Customer Agreement.
  • D. Post the question on the AWS Discussion Forums.

Correct answer: B

Explanation:
https://aws.amazon.com/artifact/
Third-party auditors assess the security and compliance of AWS Key Management Service as part of multiple AWS compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others. The compliance document is found in AWS Artifact.


Question # 252
A security team must present a daily briefing to the CISO that includes a report of which of the company's thousands of EC2 instances and on-premises servers are missing the latest security patches. All instances/servers must be brought into compliance within 24 hours so they do not show up on the next day's report. How can the security team fulfill these requirements?
Please select:

  • A. Use Trusted Advisor to generate the report of out of compliance instances/servers. Use Systems Manager Patch Manager to install the missing patches.
  • B. Use Amazon QuickSight and CloudTrail to generate the report of out of compliance instances/servers. Redeploy all out of compliance instances/servers using an AMI with the latest patches.
  • C. Use Systems Manager Patch Manager to generate the report of out of compliance instances/servers. Use Systems Manager Patch Manager to install the missing patches.
  • D. Use Systems Manager Patch Manager to generate the report of out of compliance instances/servers. Redeploy all out of compliance instances/servers using an AMI with the latest patches.

Correct answer: C

Explanation:
Use the Systems Manager Patch Manager to generate the report and also install the missing patches.
The AWS documentation mentions the following:
AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates. You can patch fleets of Amazon EC2 instances or your on-premises servers and virtual machines (VMs) by operating system type. This includes supported versions of Windows, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Amazon Linux. You can scan instances to see only a report of missing patches, or you can scan and automatically install all missing patches.
Option A is invalid because Amazon QuickSight and CloudTrail cannot be used to generate the list of servers that don't meet compliance needs.
Option C is wrong because deploying instances via new AMIs would impact the applications hosted on these servers.
Option D is invalid because Amazon Trusted Advisor cannot be used to generate the list of servers that don't meet compliance needs.
For more information on the AWS Patch Manager, please visit the URL below:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html
The correct answer is: Use Systems Manager Patch Manager to generate the report of out of compliance instances/servers. Use Systems Manager Patch Manager to install the missing patches.


Question # 253
A threat assessment has identified a risk whereby an internal employee could exfiltrate sensitive data from a production host running inside AWS (Account 1). The threat was documented as follows:
Threat description: A malicious actor could upload sensitive data from Server X by configuring credentials for an AWS account (Account 2) they control and uploading data to an Amazon S3 bucket within their control.
Server X has outbound internet access configured via a proxy server. Legitimate access to S3 is required so that the application can upload encrypted files to an S3 bucket. Server X is currently using an IAM instance role. The proxy server is not able to inspect any of the server communication due to TLS encryption.
Which of the following options will mitigate the threat? (Choose two.)

  • A. Remove the IAM instance role from the application server and save API access keys in a trusted and encrypted application config file.
  • B. Configure Network ACLs on Server X to deny access to S3 endpoints.
  • C. Modify the S3 bucket policy for the legitimate bucket to allow access only from the public IP addresses associated with the application server.
  • D. Block outbound access to public S3 endpoints on the proxy server.
  • E. Bypass the proxy and use an S3 VPC endpoint with a policy that whitelists only certain S3 buckets within Account 1.

Correct answer: B, E


Question # 254
Your company hosts a large section of EC2 instances in AWS. There are strict security rules governing the EC2 Instances. During a potential security breach, you need to ensure quick investigation of the underlying EC2 Instance. Which of the following services can help you quickly provision a test environment to look into the breached instance?
Please select:

  • A. AWS Cloudformation
  • B. AWS Config
  • C. AWS Cloudwatch
  • D. AWS Cloudtrail

Correct answer: A

Explanation:
The AWS Security best practices document mentions the following:
Unique to AWS, security practitioners can use CloudFormation to quickly create a new, trusted environment in which to conduct deeper investigation. The CloudFormation template can pre-configure instances in an isolated environment that contains all the necessary tools forensic teams need to determine the cause of the incident. This cuts down on the time it takes to gather necessary tools, isolates systems under examination, and ensures that the team is operating in a clean room.
Option A is incorrect since this is a logging service and cannot be used to provision a test environment.
Option C is incorrect since this is an API logging service and cannot be used to provision a test environment.
Option D is incorrect since this is a configuration service and cannot be used to provision a test environment.
For more information on AWS Security best practices, please refer to the URL below:
https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
The correct answer is: AWS Cloudformation


Question # 255
An application running on EC2 instances in a VPC must access sensitive data in the data center. The access must be encrypted in transit and have consistent low latency. Which hybrid architecture will meet these requirements?
Please select:

  • A. A VPN between the VPC and the data center over a Direct Connect connection
  • B. A Direct Connect connection between the VPC and data center
  • C. A VPN between the VPC and the data center.
  • D. Expose the data with a public HTTPS endpoint.

Correct answer: A

Explanation:
Since this is required over a consistent low-latency connection, you should use Direct Connect. For encryption, you can make use of a VPN.
Option A is invalid because exposing an HTTPS endpoint will not help all traffic to flow between a VPC and the data center.
Option C is invalid because low latency is a key requirement.
Option D is invalid because only Direct Connect will not suffice.
For more information on the connection options, please see the link below:
https://aws.amazon.com/answers/networking/aws-multiple-vpc-vpn-connection-sharing/
The correct answer is: A VPN between the VPC and the data center over a Direct Connect connection


Question # 256
......


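The Amazon SCS-C01 (AWS Certified Security - Specialty) certification exam is designed for IT professionals interested in validating their skills and knowledge of security practices in the AWS Cloud. The exam is intended for individuals with at least two years of hands-on experience designing and deploying security solutions using AWS services.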

 
