You currently operate a web application In the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log dat
a. Which of these solutions would you recommend?
Please select:

• A.Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles S3 bucket policies and Mufti Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
• B.Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
• C.Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLsand Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
• D.Create three new CloudTrail trails with three new S3 buckets to store the logs one for the AWS Management console, one for AWS SDKs and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.

Comment: *

Name: *

Email: *

Verification: *

Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that containers are secure.
Which strategies will reduce the attack surface and enhance the security of the containers? (Choose two.)

• A.Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.
• B.Enable container breakout at the host kernel.
• C.Segregate container by host, function, and data classification.
• D.Use Docker Notary framework to sign task definitions.
• E.Use the containers to automate security deployments.

Comment: *

Name: *

Email: *

Verification: *

Your company has a set of 1000 EC2 Instances defined in an AWS Account. They want to effectively automate several administrative tasks on these instances. Which of the following would be an effective way to achieve this?
Please select:

• A.Use the AWS Systems Manager Parameter Store
• B.Use the AWS Systems Manager Run Command
• C.Use the AWS Inspector
• D.Use AWS Config

Comment: *

Name: *

Email: *

Verification: *

Your company has defined privileged users for their AWS Account. These users are administrators for key resources defined in the company. There is now a mandate to enhance the security authentication for these users. How can this be accomplished?
Please select:

• A.Enable MFA for these user accounts
• B.Enable versioning for these user accounts
• C.Enable accidental deletion for these user accounts
• D.Disable root access for the users

Comment: *

Name: *

Email: *

Verification: *

A company requires that SSH commands used to access its AWS instance be traceable to the user who executed each command.
How should a Security Engineer accomplish this?

• A.Deny inbound access on port 22 at the security group attached to the instance Use AWS Systems Manager Session Manager tor shell access to Amazon EC2 instances with the user tag defined Enable Amazon CloudWatch togging for Systems Manager sessions
• B.Use Amazon S3 to securely store one Privacy Enhanced Mail Certificate (PEM file) for each user Allow Amazon EC2 to read from Amazon S3 and import every user that wants to use SSH to access EC2 instances Allow inbound access on port 22 at the security group attached to the instance Install the Amazon CloudWatch agent on the EC2 instance and configure it to ingest audit logs for the instance
• C.Allow inbound access on port 22 at the security group attached to the instance Use AWS Systems Manager Session Manager for shell access to Amazon EC2 instances with the user tag defined Enable Amazon CloudWatch togging tor Systems Manager sessions
• D.Use Amazon S3 to securely store one Privacy Enhanced Mall Certificate (PEM fie) for each team or group Allow Amazon EC2 to read from Amazon S3 and import every user that wants to use SSH to access EC2 instances Allow inbound access on pod 22 at the security group attached to the instance Install the Amazon CloudWatch agent on the EC2 instance and configure it to ingest audit logs for the instance

Comment: *

Name: *

Email: *

Verification: *