Question: 1
During a security incident, the security operations team identified sustained network traffic from a malicious IP
address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the
organization’s network. Which of the following fulfills this request?
Question: 2
A security analyst is reviewing alerts in the SIEM (security information and event management) related to potential
malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that
additional data about the executable running on the machine is necessary to continue the investigation. Which of the
following logs should the analyst use as a data source?
Ans: Endpoint
Explanation:
Endpoint logs: Endpoint logs, also known as host logs, record events and activities that occur on
individual endpoints (such as laptops, desktops, or servers). These logs can include information about processes,
applications, system events, user logins, file accesses, and more. Endpoint logs are a valuable source of data for
investigating security incidents on specific devices, including information about the executables running on the
machine. For the investigation described in the scenario, the most appropriate data source for obtaining additional
information about the executable running on the employee's corporate laptop is Endpoint logs. Endpoint logs can provide
detailed insights into the processes and executables running on the machine, helping the security analyst to further
analyze and respond to the potential security threat.
Note: Endpoint logs are stored on the actual device, so the data they are looking for should be in the endpoint logs.
Question: 3
A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of
the following most likely occurred?
Question: 4
A Security Administrator is tasked to set up an automated system to manage the access keys in the company’s AWS account.
A solution must be implemented to automatically disable all IAM user access keys that are more than 90 days old.
How do you implement this?
Question: 5
A Security Engineer refactored an application to remove the hardcoded Amazon RDS database credential from the
application and store it to AWS Secrets Manager instead. The application works fine after the code change. For improved
data security, the Engineer enabled rotation of the credential in Secrets Manager and then set the rotation to change
every 30 days. The change was done successfully without any issues but after a short while, the application is getting
an authentication error whenever it connects to the database.
What is the MOST likely cause of this issue?
Scenario: 1
A website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer in the
US West (N. California) region. There is a new requirement to place a CloudFront distribution in front
of the load balancer to improve the site's latency and lower the load on the origin servers. The Security
Engineer must implement HTTPS communication from the client to CloudFront and then from
CloudFront to the load balancer. A custom domain name must be used for your distribution and the
SSL/TLS certificate should be generated from AWS Certificate Manager (ACM).
How many certificates should be generated by the Engineer in this scenario?
Scenario: 2
Welcome to Home Depot! You have just joined the team and your first task is to enhance security for the company
website. The site runs on Linux, PHP and Apache and uses an EC2 Auto Scaling group behind an Application Load Balancer
(ALB). After an initial architecture assessment you have found multiple vulnerabilities and configuration issues. The
dev team is swamped and will not be able to remediate code-level issues for several weeks. Your mission in this workshop
round is to build an effective set of controls that mitigate common attack vectors against web applications, and provide
you with the monitoring capabilities needed to react to emerging threats when they occur.
An organization is implementing a security policy in which their cloud-based users must be contained in a separate
authentication domain and prevented from accessing on-premises systems. Their IT Operations team is launching and
maintaining a number of Amazon RDS for SQL Server databases and EC2 instances. The organization also has an on-premises
Active Directory service that contains the administrator accounts that must have access to the databases and EC2
instances.
How would the Security Engineer manage the AWS resources of the organization in the MOST secure manner?
Scenario: 2
We found out that anyone from the Internet can bypass CloudFront that we have configured for security
and open the app skipping protection we have from the components at the Edge. Meaning: the
Application Load Balancer can be an easier target for an attack and a weak spot. Help us to fix that!
The LORD appeared to us in the past, saying: “I have loved you with an everlasting love; I have drawn you with unfailing kindness.” (Jeremiah 31:3, NIV)
If you want to stay at the top of your career, you have to keep on learning. No one was created to depend on the other, no one was created to be a beggar. We were all created in the image of God and empowered by God to do greater things. We are all equipped and blessed with potential, talents and gifts. Join us to make a difference in our world.
And so we know and rely on the love God has for us. God is love. Whoever lives in love lives in God, and God in them. (1 John 4:16, NIV)