A Developer's unencrypted laptop, which contained the SSH key used to access multiple Amazon EC2 instances, was stolen. The SSH key hasn't been used so far and port 22 to all EC2 instances has been blocked by a Security Engineer. How can the Security Engineer further safeguard the currently running instances?
A Developer's unencrypted laptop, which contained the SSH key used to access multiple Amazon EC2 instances, was stolen. The SSH key hasn't been used so far and port 22 to all EC2 instances has been blocked by a Security Engineer. How can the Security Engineer further safeguard the currently running instances?
The DevOps team encounters an error message every time they try to encrypt or decrypt a Secure String parameter from the SSM Parameter Store using an AWS KMS customer managed key (CMK). What could be the underlying issues related to CMK? (Select two.)
The DevOps team encounters an error message every time they try to encrypt or decrypt a Secure String parameter from the SSM Parameter Store using an AWS KMS customer managed key (CMK). What could be the underlying issues related to CMK? (Select two.)
A Software Engineer has developed a custom reporting service for a fleet of Amazon EC2 instances. As per the company security policy, the application logs for the reporting service must be centrally collected. Which solution would be the most efficient for meeting these requirements?
A Software Engineer has developed a custom reporting service for a fleet of Amazon EC2 instances. As per the company security policy, the application logs for the reporting service must be centrally collected. Which solution would be the most efficient for meeting these requirements?
Observe the following AWS Key Management Service (KMS) policy attached to a customer master key (CMK). This policy was configured for the user 'SampleUser' in account '444455556666'. What are the implications of this setup?
Observe the following AWS Key Management Service (KMS) policy attached to a customer master key (CMK). This policy was configured for the user 'SampleUser' in account '444455556666'. What are the implications of this setup?
A Security Engineer has received an AWS Abuse Notice detailing abuse from certain EC2 instance IDs. Which steps should be taken in response to this situation? Choose three.
A Security Engineer has received an AWS Abuse Notice detailing abuse from certain EC2 instance IDs. Which steps should be taken in response to this situation? Choose three.
A Security Architect needs to ensure the encryption keys used in an AWS service meet specific regulatory standards. What is the appropriate course of action?
A Security Architect needs to ensure the encryption keys used in an AWS service meet specific regulatory standards. What is the appropriate course of action?
Please examine the following segment of an AWS Key Management Service (KMS) key policy within your AWS account. What permissions does this policy confer?
Please examine the following segment of an AWS Key Management Service (KMS) key policy within your AWS account. What permissions does this policy confer?
A Security Administrator is setting up an Amazon S3 bucket and needs to satisfy the following security requirements: Encryption in transit, Encryption at rest, Logging of all object retrievals in AWS CloudTrail. What would meet these requirements? Choose three.
A Security Administrator is setting up an Amazon S3 bucket and needs to satisfy the following security requirements: Encryption in transit, Encryption at rest, Logging of all object retrievals in AWS CloudTrail. What would meet these requirements? Choose three.
An organization has deployed tens of applications on thousands of Amazon EC2 instances. For testing, the Application team needs to know whether the network ACLs and security groups are functioning as expected. What would be an efficient way to meet this requirement?
An organization has deployed tens of applications on thousands of Amazon EC2 instances. For testing, the Application team needs to know whether the network ACLs and security groups are functioning as expected. What would be an efficient way to meet this requirement?
Changes were recently made to IAM on an account, and an application that publishes custom metrics to Amazon CloudWatch is no longer able to report metrics. What's the least permissive solution to resume the metric delivery?
Changes were recently made to IAM on an account, and an application that publishes custom metrics to Amazon CloudWatch is no longer able to report metrics. What's the least permissive solution to resume the metric delivery?