A company is using AWS Organizations to manage 50 AWS accounts. The finance staff members need to read the consolidated billing information in the MasterPayer AWS account while being restricted from viewing any other resources. IAM access to billing has been enabled in the MasterPayer account. How can the finance staff be granted the necessary permissions without any excessive permissions?
The Amazon CloudWatch Logs agent is effectively delivering logs to the CloudWatch Logs service. However, after a particular number of hours, logs stop being delivered. Which steps should be taken to identify the cause of this issue? Choose two.
A cybersecurity specialist is tasked with investigating an issue where one web server among several others is not accepting inbound connections from the internet. After confirming the accuracy of the rule sets in the Security Groups, network ACLs, and virtual appliance, what additional elements should the specialist inspect to resolve this issue? Choose two.
A Software Engineer is struggling with network connectivity issues to an Amazon EC2 instance. The instance's security group permits inbound HTTP traffic from 0.0.0.0/0, and the outbound rules are default. The subnet's custom network ACL also allows inbound HTTP traffic from 0.0.0.0/0 but has no outbound rules. What's the solution to this connectivity problem?
As a Security Engineer, you're tasked with developing an automated process to disable IAM user access keys that are older than three months. Which option would be the most effective?
The InfoSec team at your organization has mandated that only approved Amazon Machine Images (AMIs) can be used in the future. What is the most efficient way for the InfoSec team to ensure this compliance?
In a scenario where a company has deployed a custom DNS server in AWS, a security engineer wishes to restrict Amazon EC2 instances from using the Amazon-provided DNS. What approach should the engineer take to block access to the Amazon-provided DNS within the VPC?
A security engineer has just created an AWS Key Management Service (AWS KMS) key with a specific policy. The key policy includes permissions to perform all "kms:" actions for the principal identified as the root user of the AWS account 111122223333. What would be the implications of this key policy? (Choose two.)
A company has set up multiple production AWS accounts, each with AWS CloudTrail configured to log to a single Amazon S3 bucket in a central account. However, two of the production accounts are not logging anything to the S3 bucket. What steps should be taken to troubleshoot this issue? Choose three.