AWS Certified Security - Specialty
Question 101
A Security Engineer has created an Amazon CloudWatch event that invokes an AWS Lambda function daily. The Lambda function runs an Amazon Athena query that checks AWS CloudTrail logs in Amazon S3 to detect whether any IAM user accounts or credentials have been created in the past 30 days. The results of the Athena query are created in the same S3 bucket. The Engineer runs a test execution of the Lambda function via the AWS Console, and the function runs successfully.
After several minutes, the Engineer finds that his Athena query has failed with the error message: Insufficient Permissions. The IAM permissions of the Security Engineer and the Lambda function are shown below:
Security Engineer -
Lambda function execution role -
What is causing the error?
- A: The Lambda function does not have permissions to start the Athena query execution.
- B: The Security Engineer does not have permissions to start the Athena query execution.
- C: The Athena service does not support invocation through Lambda.
- D: The Lambda function does not have permissions to access the CloudTrail S3 bucket.
Question 102
An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised.
How can the CISO be assured that AWS KMS and Amazon S3 are addressing the concerns? (Choose two.)
- A: There is no API operation to retrieve an S3 object in its encrypted form.
- B: Encryption of S3 objects is performed within the secure boundary of the KMS service.
- C: S3 uses KMS to generate a unique data key for each individual object.
- D: Using a single master key to encrypt all data includes having a single place to perform audits and usage validation.
- E: The KMS encryption envelope digitally signs the master key during encryption to prevent cryptographic wear-out.