A security engineer recently rotated the host keys for an Amazon EC2 instance. The security engineer is trying to access the EC2 instance by using the EC2 Instance Connect feature. However, the security engineer receives an error for failed host key validation. Before the rotation of the host keys, EC2 Instance Connect worked correctly with this EC2 instance.
What should the security engineer do to resolve this error?
A company receives an alert from AWS Support. The alert shows a compromised access key on a single standalone AWS account. A security engineer must determine the scope of the issue. Then, the security engineer must triage and remediate the issue.
Which solution will meet these requirements?
A company has an Amazon RDS database. The database contains sensitive data that is shared across teams in the company. The company needs a solution to detect anomalous logins to the database. The solution must notify an existing Amazon SNS topic when anomalous logins occur.
Which solution will meet these requirements?
A company uses an incident response team to troubleshoot incidents. The incident response team must use temporary credentials from AWS STS for cross-account IAM role access when troubleshooting. Occasionally, each team member will need to respond to multiple different types of incidents simultaneously. Based on the type of incident, the company wants to dynamically assign minimal permissions to whichever team member responds.
Which solution will meet these requirements?
A company uses an organization in AWS Organizations and AWS IAM Identity Center to manage its AWS environment. The company configures IAM Identity Center to access the company’s on-premises Active Directory through a properly configured AD Connector. All the company’s employees are in an Active Directory group named Cloud.
The employees can view and access nearly all the AWS accounts in the organization, and the employees have the permissions that they require. However, the employees cannot access an account named Account A. The company verifies that Account A exists in the organization.
What is the likely reason that the employees are unable to access Account A?
A company has a compliance requirement to encrypt all data in transit. The company recently discovered an Amazon Aurora cluster that does not meet this requirement.
How can the company enforce encryption for all connections to the Aurora cluster?
A company is expanding its group of stores. On the day that each new store opens, the company wants to launch a customized web application for that store. Each store’s application will have a non-production environment and a production environment. Each environment will be deployed in a separate AWS account. The company uses AWS Organizations and has an OU that is used only for these accounts.
The company distributes most of the development work to third-party development teams. A security engineer needs to ensure that each team follows the company’s deployment plan for AWS resources. The security engineer also must limit access to the deployment plan to only the developers who need access. The security engineer already has created an AWS CloudFormation template that implements the deployment plan.
What should the security engineer do next to meet the requirements in the MOST secure way?
A company’s platform has grown rapidly over the past 6 months. The company’s platform architecture evolved quickly to accommodate the growth. The company’s development team has been deploying features quickly by using different AWS services. The development team has not performed formal architecture reviews.
The company needs to evaluate its security posture against AWS security best practices.
Which solution will meet these requirements?
A company creates AWS Lambda functions from container images that are stored in Amazon Elastic Container Registry (Amazon ECR). The company needs to identify any software vulnerabilities in the container images and any code vulnerabilities in the Lambda functions.
Which solution will meet these requirements?
A security team manages a company’s AWS Key Management Service (AWS KMS) customer managed keys. Only members of the security team can administer the KMS keys. The company’s application team has a software process that needs temporary access to the keys occasionally. The security team needs to provide the application team’s software process with access to the keys.
Which solution will meet these requirements with the LEAST operational overhead?