An Application team has requested a new IAM KMS master key for use with Amazon S3, but the organizational security policy requires separate master keys for different IAM services to limit blast radius. How can an IAM KMS customer master key (CMK) be constrained to work with only Amazon S3?
A Development team has built an experimental environment to test a simple static web application. It has built an isolated VPC with a private and a public subnet. The public subnet holds only an Application Load Balancer, a NAT gateway, and an internet gateway. The private subnet holds all of the Amazon EC2 instances. There are 3 different types of servers. Each server type has its own Security Group that limits access to only required connectivity. The Security Groups have both inbound and outbound rules applied. Each subnet has both inbound and outbound network ACLs applied to limit access to only required connectivity. Which of the following should the team check if a server cannot establish an outbound connection to the internet? (Select THREE.)
A company uses a third-party application to store encrypted data in Amazon S3. The company uses another third-party application that decrypts the data from Amazon S3 to ensure separation of duties between the applications. A Security Engineer wants to separate the permissions using IAM roles attached to Amazon EC2 instances. The company prefers to use native IAM services. Which encryption method will meet these requirements?
A recent security audit found that IAM CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to address these audit findings? (Select THREE.)
A company's Security Auditor discovers that users are able to assume roles without using multi-factor authentication (MFA). An example of a current policy being applied to these users is as follows: The Security Auditor finds that the users who are able to assume roles without MFA are all coming from the IAM CLI. These users are using long-term IAM credentials. Which changes should a Security Engineer implement to resolve this security issue? (Select TWO.) A) B) C) D) E)
You have an S3 bucket defined in IAM. You want to ensure that you encrypt the data before sending it across the wire. What is the best way to achieve this? Please select: