Exam AWS Certified Security - Specialty topic 1 question 126 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 126
Topic #: 1

A corporate cloud security policy states that communications between the company's VPC and KMS must travel entirely within the AWS network and not use public service endpoints.
Which combination of the following actions MOST satisfies this requirement? (Choose two.)

  • A. Add the aws:sourceVpce condition to the AWS KMS key policy referencing the company's VPC endpoint ID.
  • B. Remove the VPC internet gateway from the VPC and add a virtual private gateway to the VPC to prevent direct, public internet connectivity.
  • C. Create a VPC endpoint for AWS KMS with private DNS enabled.
  • D. Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN.
  • E. Add the following condition to the AWS KMS key policy: "aws:SourceIp": "10.0.0.0/16".
Suggested Answer: AC 🗳️
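
To make option A concrete, here is an added example (not part of the original question or any comment) that audits a KMS key policy for a Deny statement pinning requests to one VPC endpoint via `aws:sourceVpce`, and flags an option-E style `aws:SourceIp` condition. The sample policy, account ID and endpoint ID are constructed placeholders, and the Deny/`StringNotEquals` form is one assumed way of writing the condition.

```python
import json

VPCE_KEY = "aws:sourcevpce"  # condition key names are case-insensitive

# Constructed sample key policy; account ID and endpoint ID are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "DenyOutsideEndpoint", "Effect": "Deny", "Principal": "*",
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*"],
     "Resource": "*",
     "Condition": {"StringNotEquals":
                   {"aws:sourceVpce": "vpce-EXAMPLE0123456789"}}}
  ]
}
""")

def _as_list(value):
    # Policy elements may be a single item or a list of items.
    return value if isinstance(value, list) else [value]

def audit_key_policy(policy, expected_vpce):
    """Return findings; an empty list means the endpoint pin is present."""
    findings, pinned = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        for op, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                name = key.lower()
                if name == "aws:sourceip":
                    # This key is not available for requests that arrive
                    # through a VPC endpoint, so it cannot enforce the policy.
                    findings.append(f"{stmt.get('Sid')}: uses aws:SourceIp")
                if (name == VPCE_KEY and stmt.get("Effect") == "Deny"
                        and op.lower() == "stringnotequals"
                        and _as_list(values) == [expected_vpce]):
                    pinned = True
    if not pinned:
        findings.append(f"no Deny on aws:sourceVpce != {expected_vpce}")
    return findings

if __name__ == "__main__":
    print(audit_key_policy(SAMPLE_POLICY, "vpce-EXAMPLE0123456789"))
```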

Comments

Larsson
Highly Voted 3 years, 9 months ago
AC for sure
upvoted 20 times
ramozo
3 years, 9 months ago
https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html
upvoted 6 times
...
...
Meta512
Highly Voted 2 years, 5 months ago
Selected Answer: AC
Import Key is not applicable here
upvoted 5 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: AC
Correct answers AC
upvoted 1 times
...
IBANGA007
2 years, 6 months ago
Selected Answer: CD
C. Create a VPC endpoint for AWS KMS with private DNS enabled.
D. Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN.

To ensure that communications between the company's VPC and KMS travel entirely within the AWS network and do not use public service endpoints, the following actions should be taken:

Create a VPC endpoint for AWS KMS with private DNS enabled. This will allow the company's VPC to communicate with KMS without the need to traverse the public internet.

Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN. This will ensure that the key is securely transferred to the company's VPC without the need to traverse the public internet.
upvoted 1 times
...
jAWStest
2 years, 7 months ago
Selected Answer: AC
Explanation is correct
upvoted 2 times
...
roger8978
3 years, 6 months ago
AC... easy
upvoted 1 times
...
kiev
3 years, 8 months ago
AC for me as well
upvoted 3 times
...
refuz
3 years, 8 months ago
A and C
upvoted 3 times
...
gfhbox0083
3 years, 9 months ago
A, C, for sure.
upvoted 2 times
...
xaccan
3 years, 9 months ago
AC 100%
upvoted 1 times
...
Raj9
3 years, 9 months ago
a,c for sure
upvoted 1 times
...
RaySmith
3 years, 9 months ago
AC for me
upvoted 1 times
...
awssecuritynewbie
3 years, 9 months ago
A & C is correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other