Infosys Certified AWS Security Specialty
Practice with real exam-pattern questions for Infosys Certified AWS Security Specialty. Each question includes a detailed explanation to help you understand the concept, not just memorise the answer. Try 10 questions free — no login required.
10 Infosys Certified AWS Security Specialty practice questions with answers
Real Lex exam-pattern multiple-choice questions for the Infosys Certified AWS Security Specialty certification. Each question includes the correct answer. The full question bank is available to Premium members.
- Question 1
Most of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low-latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company's existing application user management processes. What option would you implement to successfully launch this application?
- ✓ Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers. (Correct)
- B. Create a second, independent LDAP server in AWS for your application to use for authentication.
- C. Establish a VPN connection between your data center and AWS. Create an LDAP replica on AWS and configure your application to use the LDAP replica for authentication.
- D. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship.
- Question 2
You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?
- ✓ Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles or S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs. (Correct)
- B. Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
- C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
- D. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for the AWS Management Console, one for AWS SDKs and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.
- Question 3
A sports broadcasting channel has uploaded past sporting events to an S3 bucket. They have enabled a CDN using CloudFront to allow users across the globe to access this content at lower latencies. They want to prevent users from directly accessing the content from the S3 bucket. However, CloudFront IP ranges must be allowed to access the S3 bucket and content. Which of the following is the best solution that you can recommend?
- ✓ Trigger a Lambda function on receiving an SNS notification as and when AWS CloudFront IP ranges change. Lambda function updates the Security Groups with the updated IP ranges to allow CloudFront to access S3 bucket. (Correct)
- B. Deploy an EC2 instance with a piece of code to poll for changes in CloudFront IP ranges and update the Security Groups.
- C. Create an Amazon CloudWatch event to update Security Groups at regular intervals with the updated CloudFront IP address ranges.
- D. All of the given options
- Question 4
You are a designated security engineer for IT operations. An enterprise has recently migrated their workload to AWS. In the quest to improve authentication and authorization, you have been asked to evaluate and update the way IAM roles have been used in the enterprise AWS account. In which of the following scenarios would you use IAM roles?
- ✓ One service needs to access another AWS service (Correct)
- B. You need to access resources from one AWS account from another AWS account
- C. You need to enable federated access using Google, Facebook etc.
- D. All of the given options
- Question 5
You are asked to improve the security of the workload deployed on AWS infrastructure. Which of the following would be your top priority implementations?
- ✓ Use Multi Factor Authentication (Correct)
- B. Centralize AWS CloudTrail Logs
- C. Remediate on GuardDuty findings
- D. Rotate Access keys
- E. All of the given options
- Question 6
You are a designated security expert for an enterprise that has recently migrated the workload to AWS. In the quest to improve the security posture of the architecture, you are asked to identify sensitive data disclosure through the NoSQL database used in the architecture. Choose the appropriate option from the following.
- ✓ Deploy a Lambda function to read the data from DynamoDB and write to specific S3 bucket. Enable Macie on the bucket to classify and discover sensitive data. (Correct)
- B. Deploy a custom script on EC2 instance to periodically retrieve data from DynamoDB and identify any potential sensitive data disclosure.
- C. Place the DynamoDB in a private subnet to deny public access to sensitive data.
- D. Deploy a Lambda function to read data from DynamoDB and write to specific S3 bucket. Perform Inspector vulnerability scanning on the data to classify and discover sensitive data.
- Question 7
You are a security director for the IT operations wing in a multi-national company. You are entrusted with the responsibility to monitor and proactively improve the security posture of the IT infrastructure deployed on AWS. Which of the following solutions would you adopt?
- ✓ Enable Security Hub in the AWS account and set up security services like GuardDuty, Inspector, Macie etc. Set up CloudWatch time-based event to trigger a summary e-mail once in a week. (Correct)
- B. Write a custom script to collect data from GuardDuty, Inspector, Macie and analyze the data using Athena for insights on malicious requests.
- C. Use CloudTrail to determine the risk of security threat and make changes to recover from the attack.
- D. Analyze the security flaws in the architecture through AWS Trusted Advisor and perform quick fix.
- Question 8
A company wants to control access to its AWS resources by using identities and groups that are defined in its existing organizational Microsoft Active Directory. What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
- ✓ AWS AD connector (Correct)
- B. AWS IAM users
- C. AWS IAM roles
- D. AWS Single-SignOn
- Question 9
Recently you have observed a strange pattern of resource creation and modification in your AWS account. You suspect an intrusion in your AWS account. Which of the following activities should you immediately perform?
- ✓ Change your AWS root account password. (Correct)
- B. Rotate or delete AWS access keys
- C. Verify and delete any potentially unauthorized IAM users
- D. Change password for all IAM users
- E. All of the given options
- Question 10
You are a security advisor for an enterprise that has deployed applications in AWS. You want to analyze user activity in order to find out any misuse of access keys in the account. Which of the following options is the appropriate solution?
- ✓ Search user activity in the Amazon CloudTrail console. (Correct)
- B. Store the CloudTrail logs into S3 bucket. Query the logs directly from S3, using Athena.
- C. Use Amazon CloudWatch to set alarms on suspected user activity
- D. Use AWS Config to validate the infrastructure configuration and update desired configuration at intervals.