- All Exams Instant Download
Which IAM services should be used to meet these requirements?
A company needs a forensic-logging solution for hundreds of applications running in Docker on Amazon EC2 The solution must perform real-time analytics on the togs must support the replay of messages and must persist the logs. Which IAM services should be used to meet these requirements? (Select TWO)A . Amazon...
What should the security engineer recommend?
A company is building an application on IAM that will store sensitive Information. The company has a support team with access to the IT infrastructure, including databases. The company's security engineer must introduce measures to protect the sensitive data against any data breach while minimizing management overhead. The credentials must...
What should a security engineer do to ensure that the EC2 instances are logged?
A company deployed Amazon GuardDuty In the us-east-1 Region. The company wants all DNS logs that relate to the company's Amazon EC2 instances to be inspected. What should a security engineer do to ensure that the EC2 instances are logged?A . Use IPv6 addresses that are configured for hostnames.B ....
What should be done to enable the user to assume the appropriate role in the target account?
A company uses identity federation to authenticate users into an identity account (987654321987) where the users assume an IAM role named IdentityRole. The users then assume an IAM role named JobFunctionRole in the target IAM account (123456789123) to perform their job functions. A user is unable to assume the IAM...
Which solution meets these requirements in the MOST secure way?
A company is building a data processing application mat uses AWS Lambda functions. The application's Lambda functions need to communicate with an Amazon RDS OB instance that is deployed within a VPC in the same AWS account Which solution meets these requirements in the MOST secure way?A . Configure the...
Which solution will meet these requirements MOST securely?
A company uses AWS Organizations to run workloads in multiple AWS accounts Currently the individual team members at the company access all Amazon EC2 instances remotely by using SSH or Remote Desktop Protocol (RDP) The company does not have any audit trails and security groups are occasionally open. The company...
How could you accomplish this in the right way?
You need to create a policy and apply it for just an individual user. How could you accomplish this in the right way?A . Add an IAM managed policy for the userB . Add a service policy for the userC . Add an IAM role for the userD . Add...
Which combination of steps must the security engineer take to meet these requirements?
A security engineer receives an IAM abuse email message. According to the message, an Amazon EC2 instance that is running in the security engineer's IAM account is sending phishing email messages. The EC2 instance is part of an application that is deployed in production. The application runs on many EC2...
Which CMK-related problems possibly account for the error?
A development team is attempting to encrypt and decode a secure string parameter from the IAM Systems Manager Parameter Store using an IAM Key Management Service (IAM KMS) CMK. However, each attempt results in an error message being sent to the development team. Which CMK-related problems possibly account for the...
Which combination of steps should the company take to see findings from accounts that are outside the organization that includes the Security Hub administrator account?
A company that uses AWS Organizations wants to see AWS Security Hub findings for many AWS accounts and AWS Regions. Some of the accounts are in the company's organization, and some accounts are in organizations that the company manages for customers. Although the company can see findings in the Security...
