A Security Engineer is troubleshooting an issue with a company's custom logging application. The application logs are written to an Amazon S3 bucket with event notifications enabled to send events lo an Amazon SNS topic. All logs are encrypted at rest using an IAM KMS CMK. The SNS topic is subscribed to an encrypted Amazon SQS queue. The logging application polls the queue for new messages that contain metadata about the S3 object. The application then reads the content of the object from the S3 bucket for indexing. The Logging team reported that Amazon CloudWatch metrics for the number of messages sent or received is showing zero. No togs are being received. What should the Security Engineer do to troubleshoot this issue? A) Add the following statement to the IAM managed CMKs: [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_428-0.png] B) Add the following statement to the CMK key policy: [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_429-0.png] C) Add the following statement to the CMK key policy: [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_429-1.png] D) Add the following statement to the CMK key policy: [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_429-2.png]
Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that the containers are secure. Which strategies will reduce the attack surface and enhance the security of the containers? (Select TWO.)
An organization wants to log all IAM API calls made within all of its IAM accounts, and must have a central place to analyze these logs. What steps should be taken to meet these requirements in the MOST secure manner? (Select TWO)
An IT department currently has a Java web application deployed on Apache Tomcat running on Amazon EC2 instances. All traffic to the EC2 instances is sent through an internet-facing Application Load Balancer (ALB) The Security team has noticed during the past two days thousands of unusual read requests coming from hundreds of IP addresses. This is causing the Tomcat server to run out of threads and reject new connections Which the SIMPLEST change that would address this server issue?
An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised. How can the CISO be assured that IAM KMS and Amazon S3 are addressing the concerns? (Select TWO )
A company wants to deploy a distributed web application on a fleet of EC2 instances. The fleet will be fronted by a Classic Load Balancer that will be configured to terminate the TLS connection The company wants to make sure that all past and current TLS traffic to the Classic Load Balancer stays secure even if the certificate private key is leaked. To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer with:
