Your organization has a policy that mandates the rotation of encryption keys every 12 months. What AWS Key Management Service (KMS) key type would fulfill this requirement?
Your organization has a policy that mandates the rotation of encryption keys every 12 months. What AWS Key Management Service (KMS) key type would fulfill this requirement?
In your organization, it is mandatory that IP packet data is scrutinized for any invalid or harmful content. Which of the below strategies would fulfill this requirement? (Select two)
In your organization, it is mandatory that IP packet data is scrutinized for any invalid or harmful content. Which of the below strategies would fulfill this requirement? (Select two)
An application requires high resilience across different Availability Zones within a primary region, and also needs to be accessible in another region. Regarding the resources encrypted by AWS KMS, which strategy supports these requirements?
An application requires high resilience across different Availability Zones within a primary region, and also needs to be accessible in another region. Regarding the resources encrypted by AWS KMS, which strategy supports these requirements?
A recent audit in your organization, which allows a large number of remote workers to submit data files, showed concerns that data files are not encrypted while in transit over untrusted networks. Which solution would address this audit finding with the least effort required?
A recent audit in your organization, which allows a large number of remote workers to submit data files, showed concerns that data files are not encrypted while in transit over untrusted networks. Which solution would address this audit finding with the least effort required?
As a Security Engineer, you are managing a web application that processes highly sensitive personal data on Amazon EC2. This application has strict compliance requirements demanding that all incoming traffic to the application is protected from common web exploits and that all outbound traffic from the EC2 instances is limited to particular whitelisted URLs. Which architecture should the Security Engineer implement to meet these requirements?
As a Security Engineer, you are managing a web application that processes highly sensitive personal data on Amazon EC2. This application has strict compliance requirements demanding that all incoming traffic to the application is protected from common web exploits and that all outbound traffic from the EC2 instances is limited to particular whitelisted URLs. Which architecture should the Security Engineer implement to meet these requirements?
An Administrator is working through a considerable volume of AWS CloudTrail log files due to a suspected AWS account compromise. What method would most efficiently facilitate a search through the logs?
An Administrator is working through a considerable volume of AWS CloudTrail log files due to a suspected AWS account compromise. What method would most efficiently facilitate a search through the logs?
Among the practices for managing keys with AWS Key Management Service (KMS), which approach would best minimize the potential scope of data exposure in the event of a future key compromise?
Among the practices for managing keys with AWS Key Management Service (KMS), which approach would best minimize the potential scope of data exposure in the event of a future key compromise?
In the aftermath of a DDoS attack that obstructed content delivery on a company's web server, what could be the most effective countermeasure to secure the static site, which is laden with HTML, CSS, and PDF files, and minimize maintenance?
In the aftermath of a DDoS attack that obstructed content delivery on a company's web server, what could be the most effective countermeasure to secure the static site, which is laden with HTML, CSS, and PDF files, and minimize maintenance?
What's the most straightforward strategy for a security team to record and store AWS API call activity for ongoing and future regions in a central repository, allowing for security violation checks?
What's the most straightforward strategy for a security team to record and store AWS API call activity for ongoing and future regions in a central repository, allowing for security violation checks?
Your organization recently discovered unauthorized API activity that could be linked to a compromised root user. The root user created new API keys, and the organization realized that API logging had been disabled. What precautionary measure could have been implemented to both identify and address this issue automatically?
Your organization recently discovered unauthorized API activity that could be linked to a compromised root user. The root user created new API keys, and the organization realized that API logging had been disabled. What precautionary measure could have been implemented to both identify and address this issue automatically?
A Security Engineer has launched two Amazon EC2 instances within the same Amazon VPC but in different Availability Zones. Each instance has a public IP address and can connect to external hosts on the internet. They can communicate with each other using their private IP addresses, but not when using their public IP addresses. What action should the Security Engineer perform to allow communication over the public IP addresses?
A Security Engineer has launched two Amazon EC2 instances within the same Amazon VPC but in different Availability Zones. Each instance has a public IP address and can connect to external hosts on the internet. They can communicate with each other using their private IP addresses, but not when using their public IP addresses. What action should the Security Engineer perform to allow communication over the public IP addresses?
After discovering restricted data placed in several Amazon S3 buckets by various teams, a recent security audit exposed potential data exposure. How can the Security team identify all objects that hold personally identifiable information (PII) and confirm if this data has been accessed?
After discovering restricted data placed in several Amazon S3 buckets by various teams, a recent security audit exposed potential data exposure. How can the Security team identify all objects that hold personally identifiable information (PII) and confirm if this data has been accessed?
Following a transition from Classic Load Balancers to Application Load Balancers to reduce expenses, users of older devices are unable to access the company's website. What could be the reason behind this?
Following a transition from Classic Load Balancers to Application Load Balancers to reduce expenses, users of older devices are unable to access the company's website. What could be the reason behind this?
An organization's database developer has recently transitioned an Amazon RDS database credential to be managed and stored by the AWS Secrets Manager. The rotation of this credential is also activated within the Secrets Manager console and is scheduled to rotate every 30 days. Unexpectedly, some applications have encountered authentication errors not long after this change was implemented. What is the primary cause of these authentication errors?
An organization's database developer has recently transitioned an Amazon RDS database credential to be managed and stored by the AWS Secrets Manager. The rotation of this credential is also activated within the Secrets Manager console and is scheduled to rotate every 30 days. Unexpectedly, some applications have encountered authentication errors not long after this change was implemented. What is the primary cause of these authentication errors?