A company uses a third-party application to store encrypted data in Amazon S3. The company uses another third-party application trial decrypts the data from Amazon S3 to ensure separation of duties Between the applications A Security Engineer warns to separate the permissions using IAM roles attached to Amazon EC2 instances. The company prefers to use native IAM services. Which encryption method will meet these requirements?
A recent security audit found that IAM CloudTrail logs are insufficiently protected from tampering and unauthorized access Which actions must the Security Engineer take to address these audit findings? (Select THREE )
A company's Security Auditor discovers that users are able to assume roles without using multi- factor authentication (MFA). An example of a current policy being applied to these users is as follows: [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-0.png] The Security Auditor finds that the users who are able to assume roles without MFA are alt coming from the IAM CLI. These users are using long-term IAM credentials. Which changes should a Security Engineer implement to resolve this security issue? (Select TWO.) A) [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-1.png] B) [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-2.png] C) [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-3.png] D) [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-4.png] E) [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_425-5.png]
A company hosts multiple externally facing applications, each isolated in its own IAM account The company'B Security team has enabled IAM WAF. IAM Config. and Amazon GuardDuty on all accounts. The company's Operations team has also joined all of the accounts to IAM Organizations and established centralized logging for CloudTrail. IAM Config, and GuardDuty. The company wants the Security team to take a reactive remediation in one account, and automate implementing this remediation as proactive prevention in all the other accounts. How should the Security team accomplish this?
A company is using IAM Secrets Manager to store secrets for its production Amazon RDS database. The Security Officer has asked that secrets be rotated every 3 months. Which solution would allow the company to securely rotate the secrets? (Select TWO.)
A corporation is preparing to acquire several companies. A Security Engineer must design a solution to ensure that newly acquired IAM accounts follow the corporation's security best practices. The solution should monitor each Amazon S3 bucket for unrestricted public write access and use IAM managed services. What should the Security Engineer do to meet these requirements?
