A company uses Amazon EC2 as its primary compute platform. A DevOps team wants to audit the company ' s EC2 instances to check whether any prohibited applications have been installed on the EC2 instances.
Which solution will meet these requirements with the MOST operational efficiency?
A security review has identified that an AWS CodeBuild project is downloading a database population script from an Amazon S3 bucket using an unauthenticated request. The security team does not allow unauthenticated requests to S3 buckets for this project.
How can this issue be corrected in the MOST secure manner?
A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured.
How can this process be automated?
A DevOps engineer at a company maintains a Git repository that contains AWS Cloud Development Kit (AWS CDK) constructs that are written in TypeScript. Many of the company’s applications use the AWS CDK constructs.
The company uses AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy. The company used AWS CodeConnections to set up its Git source code provider. Each application has its own Git repository configured as a source action within the application’s pipeline.
The DevOps engineer must ensure that new releases to the AWS CDK constructs that are qualified for use in production are immediately made available across all applications. The company uses semantic versioning to assign version numbers to releases that can be used in production.
Which solution will meet these requirements?
A company manages a multi-tenant environment in its VPC and has configured Amazon GuardDuty for the corresponding AWS account. The company sends all GuardDuty findings to AWS Security Hub.
Traffic from suspicious sources is generating a large number of findings. A DevOps engineer needs to implement a solution to automatically deny traffic across the entire VPC when GuardDuty discovers a new suspicious source.
Which solution will meet these requirements?
A company has application code in an AWS CodeConnections compatible Git repository. The company wants to configure unit tests to run when pull requests are opened. The company wants to ensure that the test status is visible in pull requests when the tests are completed. The company wants to save output data files that the tests generate to an Amazon S3 bucket after the tests are finished. Which combination of solutions will meet these requirements? (Select THREE.)
A company has configured Amazon RDS storage autoscaling for its RDS DB instances. A DevOps team needs to visualize the autoscaling events on an Amazon CloudWatch dashboard. Which solution will meet this requirement?
A company manages a large fleet of Amazon EC2 Linux instances in its production AWS account by using AWS Systems Manager . The EC2 instances must comply with a list of compliance requirements.
The company ' s DevOps engineers wrote Chef cookbooks to detect and remediate configuration deviations. The company does not want to manage a Chef server and agent infrastructure.
The DevOps engineers need to set up the Chef cookbooks to run periodically on the EC2 instances.
Which solution will meet these requirements?
A DevOps learn has created a Custom Lambda rule in AWS Config. The rule monitors Amazon Elastic Container Repository (Amazon ECR) policy statements for ecr: ' actions. When a noncompliant repository is detected, Amazon EventBridge uses Amazon Simple Notification Service (Amazon SNS) to route the notification to a security team.
When the custom AWS Config rule is evaluated, the AWS Lambda function fails to run.
Which solution will resolve the issue?
A company manages shared libraries across development and production accounts with IAM roles and CodePipeline/CDK. Developers must be the only ones to access latest versions. Shared packages must be independently tested before production.
Which solution meets these requirements?