Security Engineering on AWS (Final test)

Can an Service Control Policy (SCP) effects to permission of an individual account in its AWS Organizations?

Which AWS service can rotate, manage, and retrieve database credentials throughout their lifecycle?

What AWS services/features help you to troubleshoot network security? (Select TWO.)

A secure web application runs in an Amazon VPC that has a public subnet and a private subnet. An Application Load Balancer is deployed into the public subnet. Each subnet has a separate Network ACL.

The public subnet CIDR range is 10.1.0.0/24 and the private subnet CIDR range is 10.1.1.0/24.

The web application is deployed on Amazon EC2 instances in the private subnet. Which combination of rules should be defined on the private subnet’s Network ACL to allow access from internet-based clients?

(Select TWO.)

Which of the following AWS services can help you implement DDoS mitigation? (Choose THREE.)

Alice has currently permission to access all actions of S3, EC2 services. When she assume a role which allows all actions of EC2 and Lambda, then what services Alice can access to?

Amazon Detective is a service used in what following stage of Layered Security Services?

Which of the following data storage services supports Amazon Macie for sensitive data monitoring?

The following diagram represents how you have organized your company’s AWS accounts using AWS Organizations. You now want to apply a policy to organizational unit #4 (OU4) that prevents only users from within that OU from deleting Amazon Elastic Compute Cloud (Amazon EC2) Flow Logs. What is the most effective way of accomplishing this? 

We can apply an IAM role to IAM group(s). True or False?