During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times.What could have been done to detect and automatically remediate the incident?
An application has a requirement to be resilient across not only Availability Zones within the application's primary region but also be available within another region altogether.Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?
An organization policy states that all encryption keys must be automatically rotated every 12 months.Which AWS Key Management Service (KMS) key type should be used to meet this requirement?
A Security Engineer received an AWS Abuse Notice listing EC2 instance IDs that are reportedly abusing other hosts.Which action should the Engineer take based on this situation? (Choose three.)
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:✑ Encryption in transit✑ Encryption at rest✑ Logging of all object retrievals in AWS CloudTrailWhich of the following meet these security requirements? (Choose three.)
The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.What approach would enable the Security team to find out what the former employee may have done within AWS?
