AWS Certified Security Specialty Exam Questions 2021

AWS Certified Security Specialty Sample Exam (10 Questions)

/10

Sample Exam : AWS Certified Security Specialty Set (10 Questions)

This is free Sample Practice Test. You will have 20 mins to complete this test. Please purchase to get life time access to all 210 Real exam questions.

Please fill your Name and Email address and click on next to Start the Exam

1 / 10

A company has hired a third-party security auditor, and the auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS. How can the company meet the auditor's requirements without comprising security in the AWS environment? Choose the correct answer from the options below

A. Create a role that has the required permissions for the auditor.

B. Create an SNS notification that sends the CloudTrail log files to the auditor's email when CloudTrail delivers the logs to S3, but do not allow the auditor access to the AWS environment.

C. The company should contact AWS as part of the shared responsibility model, and AWS will grant required access to the third-party auditor.

D. Enable CloudTrail logging and create an IAM user who has read-only permissions to the required AWS resources, including the bucket containing the CloudTrail logs.

2 / 10

You have a bucket and a VPC defined in AWS. You need to ensure that the bucket can only be accessed by the VPC endpoint. How can you accomplish this?

A. Modify the security groups for the VPC to allow access to the S3 bucket

B. Modify the route tables to allow access for the VPC endpoint

C. Modify the IAM Policy for the bucket to allow access for the VPC endpoint

D. Modify the bucket Policy for the bucket to allow access for the VPC endpoint

3 / 10

Your company use AWS KMS for management of its customer keys. From time to time , there is a requirement to delete existing keys as part of housekeeping activities. What can be done during the deletion process to verify that the key is no longer being used.

A. Use CloudTrail to see if any KMS API request has been issued against existing keys

B. Use Key policies to see the access level for the keys

C. Rotate the keys once before deletion to see if other services are using the keys

D. Change the IAM policy for the keys to see if other services are using the keys

4 / 10

One of the EC2 Instances in your company has been compromised. What steps would you take to ensure that you could apply digital forensics on the Instance. Select 2 answers from the options given below

A. Remove the role applied to the Ec2 Instance

B. Create a separate forensic instance

C. Ensure that the security groups only allow communication to this forensic instance

D. Terminate the instance

5 / 10

A company has a large set of keys defined in AWS KMS. Their developers frequently use the keys for the applications being developed. What is one of the ways that can be used to reduce the cost of accessing the keys in the AWS KMS service.

A. Enable rotation of the keys

B. Use Data key caching

C. Create an alias of the key

D. Use the right key policy

6 / 10

You are responsible to deploying a critical application onto AWS. Part of the requirements for this application is to ensure that the controls set for this application met PCI compliance. Also there is a need to monitor web application logs to identify any malicious activity. Which of the following services can be used to fulfil this requirement. Choose 2 answers from the options given below

A. Amazon Cloudwatch Logs

B. Amazon VPC Flow Logs

C. Amazon AWS Config

D. Amazon Cloudtrail

7 / 10

You have a requirement to conduct penetration testing on the AWS Cloud for a couple of EC2 Instances. How could you go about doing this? Choose 2 right answers from the options given below.

A. Get prior approval from AWS for conducting the test

B. Use a pre-approved penetration testing tool.

C. Work with an AWS partner and no need for prior approval request from AWS

D. Choose the right AMI for the underlying instance type

8 / 10

Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure.
What process will check compliance of the company’s EC2 instances?

A. Trigger an AWS Config Rules evaluation of the restricted-common-ports rule against every EC2 instance.

B. Query the Trusted Advisor API for all best practice security checks and check for “action recommened” status.

C. Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance.

D. Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.

9 / 10

A company continually generates sensitive records that it stores in an S3 bucket. All objects in the bucket are encrypted using SSE-KMS using one of the company’s CMKs. Company compliance policies require that no more than one month of data be encrypted using the same encryption key.
What solution below will meet the company’s requirements?

A. Trigger a Lambda function with a monthly CloudWatch event that creates a new CMK and updates the S3 bucket to use the new CMK.

B. Configure the CMK to rotate the key material every month.

C. Trigger a Lambda function with a monthly CloudWatch event that creates a new CMK, updates the S3 bucket to use the new CMK, and deletes the old CMK.

D. Trigger a Lambda function with a monthly CloudWatch event that rotates the key material in the CMK.

10 / 10

When managing permissions for the API gateway, what can be used to ensure that the right level of permissions are given to developers, IT admins and users? These permissions should be easily managed.

A. Use the secure token service to manage the permissions for the different users

B. Use IAM Policies to create different policies for the different types of users.

C. Use the AWS Config tool to manage the permissions for the different users

D. Use IAM Access Keys to create sets of keys for the different types of users.

Your score is

We are offering 350 latest real AWS Certified Security Specialty Exam Questions for practice, which will help you to score higher in your exam.
Aim for above 85% or above in our mock exams before giving the main exam.
Do review wrong & right answers and thoroughly go through explanations provided to each question which will help you understand the question.
Master Cheat Sheet was prepared by instructors which contains personal notes of them for all exam objectives. Carefully written to help you all understand the topics easily. It is recommended to use the Master cheat sheet as a final step of preparation to cram the important topics before the exam.
Weekly updates: We have a dedicated team updating our question bank on a regular basis, based on the feedback of students on what appeared on the actual exam, as well as through external benchmarking.

The AWS Certified Security – Specialty is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads.

Abilities Validated by the Certification

An understanding of specialized data classifications and AWS data protection mechanisms
An understanding of data encryption methods and AWS mechanisms to implement them
An understanding of secure Internet protocols and AWS mechanisms to implement them
A working knowledge of AWS security services and features of services to provide a secure production environment
Competency gained from two or more years of production deployment experience using AWS security services and features
Ability to make tradeoff decisions with regard to cost, security, and deployment complexity given a set of application requirements
An understanding of security operations and risk

Recommended Knowledge and Experience

At least two years of hands-on experience securing AWS workloads
Security controls for workloads on AWS
A minimum of five years of IT security experience designing and implementing security solutions

Refer to our FAQ in case of further questions: https://skillcertpro.com/faq

12 reviews for AWS Certified Security Specialty Exam Questions 2021

Rated 5 out of 5

Anirban Ghosh – September 13, 2020

The content for the explanations was thorough and very specific. I learned a lot from the questions that were right and those that were wrong. Very good supportive detail attached to each test.
Rated 4 out of 5

Ravi Sankar Chamarthi – September 19, 2020

This will surely help you to understand features of AWS services thoroughly. I would suggest to new members. Please go though all explanations given for correct as well as incorrect options given. Passed my exam with good score.
Rated 5 out of 5

Baldeep Bhambra – November 25, 2020

Espectacular. Helps a lot to understand AWS and clarify better each concept in it. Not only for the exam but to know more about AWS Security in many aspects of it. Passed!
Rated 5 out of 5

Jiho Ahn – December 7, 2020

Cleared the exam.

These mock tests would really help anyone who wants to get the certification in less than 1-2 weeks’ time.

Would recommend this test series to everyone.
Rated 5 out of 5

Sona Reddy – December 28, 2020

Very well structured set of questions in each of these sample tests. It was quite similar in difficulty to the questions that I faced in the actual certification exam. Provided a great hand-on experience in how one should go about choosing answers in the multi-choice, as many questions in the actual exam have tricky choices. I would greatly recommend these tests for anyone wishing to take the Security specialty certifications. The recommendation to retake the exams till we achieve 80% consistently was spot on!

I was able to successfully get a passing grade thanks to these!
Rated 5 out of 5

Mohamed Kibriya Kauser – January 21, 2021

Answers with detail description helped me in getting a better understanding of. AWS products and offering as well as the value proposition. I took and passed the exam last Monday with a score of. 947/1000
Rated 5 out of 5

Amit Gupta – February 25, 2021

I feel much more confident after practicing the test. These tests are obviously twisted well which I do recommend. The explanations are very specific and up to the point.
Rated 5 out of 5

Abhinandan Redy – March 30, 2021

The first time I took these practice exams . I like the explanations on the answers of the ones I missed and also the ones I got right to reinforce the concepts. These exams gave me a good feel for what to expect on the exam. I’m now AWS Certified. Thank you!
Rated 5 out of 5

Narendra Mohit – April 12, 2021

I passed the Security Speciality exam with 94%. These practice tests were extremely useful. All the questions are carefully drafted along with detailed explanation for all questions.
Rated 5 out of 5

Kevin Peter – April 16, 2021

A definite must-have if you are planning to take the certification! The exams are continuously updated with the latest exam topics. The explanations are in-depth and well-detailed. I’ve used their other courses to pass my other AWS sysops and solutions rchitect exam.
Rated 5 out of 5

Adam Sojka – June 1, 2021

Guys yesterday i passed my AWS security exam with 912 score. I really recommend you to do this course and have at least 80% scores and above before sitting the real exam. What i like in this course that they have very detailed explanations for the topics and for almost all correct and incorrect answers. Thanks and keep up doing great work!
Rated 5 out of 5

Billy Vollman – June 8, 2021

Solutions to the questions are explained in detail. Queries asked were answered quickly in 24 hrs in detail and satisfactory way. I recommend this course to every cloud aspirant.