A user has created a VPC with the public and private subnets using the VPC wizard. The VPC has CIDR 126.96.36.199/16. The public subnet uses CIDR 188.8.131.52/24. The user Is planning to host a web server In the pub subnet with port 80 and a Database server in the private subnet with port 3306. The user is configuring a security group for the public subnet (WebSecGrp) and the private subnet (DBSecGrp). which of the below mentioned entries is required in the private subnet database security group DBSecGrp? Please select
Allow Inbound on port 3306 for Source Web Server Security Group WebSecGrp.
Allow Inbound on port 3306 from source 184.108.40.206/16
Allow Outbound on port 3306 for Destination Web Server Security Group WebSecGrp.
Allow Outbound on port 80 for Destination NAT Instance IP
You are planning to use AWS Config to check the configuration of the resources in your AWS account. You are planning on using an existing lAM role and using it for the AWS Config resource. Which of the following 0 required to ensure the AWS config service can work as required? Please select:
Ensure that there is a trust policy in place for the AWS Config service within the role
Ensure that there Is a grant policy In place for the AWS Conflg service within the role
Ensure that there is a user policy in place for the AWS Config service within the role
Ensure that there is a group policy in place for the AWS Config service within the role
Your developer is using the KMS service and an assigned key in their Java program. They get the below erro when running the code arn:aws:iam::1 1374538871 2:user!UserB Is not authorized to perform: kms:DescribeKey Which of the following could help resolve the issue? Please select:
Ensure that User B is given the right lAM role to access the key
Ensure that User B Is given the right permissions In the lAM policy
Ensure that User B is given the right permissions in the Key policy
Ensure that User B is given the right permissions in the Bucket policy
Your company has an external web site. This web site needs to access the objects in an S3 bucket. Which of the following would allow the web site to access the objects in the most secure manner? Please select:
Grant public access for the bucket via the bucket policy
Use the aws:Referer key in the condition clause for the bucket policy
Use the aws:sites key in the condition clause for the bucket policy
Grant a role that can be assumed by the web site
Your IT Security team has identified a number of vulnerabilities across critical EC2 Instances in the company SWS Account. Which would be the easiest way to ensure these vulnerabilities are remediated? Please select
Create AWS Lambda functions to download the updates and patch the servers.
Use AWS CLI commands to download the updates and patch the servers.
Use AWS Inspector to patch the servers
Use AWS Systems Manager to patch the servers