Many thanks to AcloudGuru and the people who post to this forum, who make it possible for AcloudGuru to update its course. I finished my training when AcloudGuru updated its course with content about Athena, Macie, etc. So, I think that in my exam today, I had some uncovered topics. Another big help was the WhizLabs questions too.
My exam was very, very, very hard; its scope was far beyond AcloudGuru and WhizLabs.
One key point about the training: please pay attention to what AcloudGuru says in the course, because this is much more important than the slides; these tips helped a lot.
No questions about CloudHSM nor the Shared Responsibility Model.
Please don’t try to pass the AWS Security Specialty Exam by learning how to answer the questions; instead, be a highly skilled professional. That way you have a better chance of being approved!
I have deep experience with AWS, Microsoft, mainly with Active Directory, Linux Servers and FreeBSD. I also have advanced network and security skills.
The lines above, together with the AcloudGuru course, its forum, WhizLabs and many, many labs, sum up my success in the exam today.
I will update my post in the future with more details.
Here are some details about the questions that I remember:
Application servers use an S3 rule associated with EC2 instance to access S3 buckets
You suspect that a server x in account 1 is leaking confidential information through
of an account 2, in which hackers have control over the account and its buckets
The x server needs access to S3 buckets and connects to the internet through a proxy
Users use replicated resources in other regions where they need to use the same KMS key to encrypt and decrypt these resources
Prevention of DDoS attacks in layer 7 the easiest way for multiple instances EC2, IPs in each
You have static files on a web server made available in a single AZ
How to prevent DDoS attacks on this server?
Using an Application Load Balancer behind CloudFront?
Terminate the web server and use CloudFront with S3?
You use OUs in your AWS account, the root user is only used for billing in the main OU
How to prevent your administrative access to daughter OUs?
You use OUs in your AWS account where there is a group that needs access to billing attached to OU Financial, how to grant this access in the main OU?
You want to use your AD to grant permissions to AWS resources, so you created another AD in AWS, but this new AD cannot access your on-premises AD; only the on-premises AD can access the AWS AD
Lambda permissions to access the encrypted Parameter Store to access an RDS
Prevent attacks by decreasing the attack surface
subnet, or firewall rules that act at the Hypervisor level?
Lambda function activated via CloudWatch event, which uses Athena to filter CloudTrail logs on S3
User Permissions – User 1 and Lambda
Users of another AWS account accessing data in their AWS account on S3 with KMS certificate turnover
An application gets an error message when trying to use a KMS key, what’s the problem?
An EC2 instance does not initialize with an encrypted volume, in which the encryption key has been deleted
Rotativity of S3 /?
Lambda function to automatically activate VPC Flow Logs or CloudWatch Event?
Encryption between proprietary application On-premises and Instances EC2, ALB, ELB?
Disable Vault Lock, correct it, and re-enable?
Custom SSL certificate, CloudFront, ALB in another region, how many certificates?
Congrats on passing! We have updated our course quite a bit since you sat the exam, but thanks a lot for your feedback!