A company is running its application on AWS. Malicious users exploited a recent promotion event and created many fake accounts. The application currently uses Amazon CloudFront in front of an Amazon API Gateway API. AWS Lambda functions serve the different API endpoints. The GET registration endpoint is behind the path of /store/registration. The URI for submission of the new account details is at /store/newaccount. A security engineer needs to design a solution that prevents similar exploitations for future promotion events. Which combination of steps will meet these requirements? (Choose two.)
A company runs an application that sends logs to a log group in Amazon CloudWatch Logs. The email addresses of the application users are in the logs. The company’s developers need to view the logs in CloudWatch Logs. A security engineer must ensure that the developers who access the log group cannot see the user email addresses. Which solution will meet this requirement?
A security engineer is implementing a logging solution for a company’s AWS environment. The security engineer has configured an AWS CloudTrail trail in the company’s AWS account. The logs are stored in an Amazon S3 bucket for a third-party service provider to monitor. The service provider has a designated IAM role to access the S3 bucket. The company requires all logs to be encrypted at rest with a customer managed key. The security engineer uses AWS Key Management Service (AWS KMS) to create the customer managed key and key policy. The security engineer also configures CloudTrail to use the key to encrypt the trail. When the security engineer implements this configuration, the service provider can no longer read the logs. What should the security engineer do to allow the service provider to read the logs?
A company runs workloads on Amazon EC2 instances in VPCs. The EC2 instances make requests to Amazon S3 buckets through VPC endpoints. The company uses AWS Organizations to manage its AWS accounts. The company needs the requests from the EC2 instances to originate from the same VPC that the EC2 instance credentials were issued to. Which solution will meet this requirement?
A security engineer has created an Amazon GuardDuty detector in several AWS accounts. The accounts are in an organization in AWS Organizations. The security engineer needs centralized visibility of the security findings from the detectors. Which solution will meet this requirement?
A security engineer is designing a solution that will provide end-to-end encryption between clients and Docker containers running in Amazon Elastic Container Service (Amazon ECS). This solution will also handle volatile traffic patterns. Which solution would have the MOST scalability and LOWEST latency?