A company uses Amazon GuardDuty. The company's security team wants all High severity findings to automatically generate a ticket in a third-party ticketing system through email integration.Which solution will meet this requirement?
A company is using AWS Organizations to implement a multi-account strategy. The company does not have on-premises infrastructure. All workloads run on AWS. The company currently has eight member accounts. The company anticipates that it will have no more than 20 AWS accounts total at any time.The company issues a new security policy that contains the following requirements:• No AWS account should use a VPC within the AWS account for workloads.• The company should use a centrally managed VPC that all AWS accounts can access to launch workloads in subnets.• No AWS account should be able to modify another AWS account's application resources within the centrally managed VPC.• The centrally managed VPC should reside in an existing AWS account that is named Ac-count-A within an organization.The company uses an AWS CloudFormation template to create a VPC that contains multiple subnets in Account-A. This template exports the subnet IDs through the CloudFormation Outputs section.Which solution will complete the security setup to meet these requirements?
A company's security team needs to receive a notification whenever an AWS access key has not been rotated in 90 or more days. A security engineer must develop a solution that provides these notifications automatically.Which solution will meet these requirements with the LEAST amount of effort?
A company maintains an open-source application that is hosted on a public GitHub repository. While creating a new commit to the repository, an engineer uploaded their AWS access key and secret access key. The engineer reported the mistake to a manager, and the manager immediately disabled the access key.The company needs to assess the impact of the exposed access key. A security engineer must recommend a solution that requires the least possible managerial overhead.Which solution meets these requirements?
A company plans to create individual child accounts within an existing organization in AWS Organizations for each of its DevOps teams. AWS CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized AWS account. A security engineer needs to ensure that DevOps team members are unable to modify or disable this configuration.How can the security engineer meet these requirements?
A company has a group of Amazon EC2 instances in a single private subnet of a VPC with no internet gateway attached. A security engineer has installed the Amazon CloudWatch agent on all instances in that subnet to capture logs from a specific application. To ensure that the logs flow securely, the company's networking team has created VPC endpoints for CloudWatch monitoring and CloudWatch logs. The networking team has attached the endpoints to the VPC.The application is generating logs However, when the security engineer queries CloudWatch, the logs do not appear.Which combination of steps should the security engineer take to troubleshoot this issue? (Choose three.)
