Amazon SCS-C02 Sample Questions

Question # 31

A security analyst attempted to troubleshoot the monitoring of suspicious security group changes. The analyst was told that there is an Amazon CloudWatch alarm in place for these AWS CloudTrail log events. The analyst tested the monitoring setup by making a configuration change to the security group but did not receive any alerts. Which of the following troubleshooting steps should the analyst perform? 

A. Ensure that CloudTrail and S3 bucket access logging is enabled for the analyst's AWS account.
B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action.
C. Check the CloudWatch dashboards to ensure that there is a metric configured with an appropriate dimension for security group changes.
D. Verify that the analyst's account is mapped to an IAM policy that includes permissions for cloudwatch:GetMetricStatistics and cloudwatch:ListMetrics.


Question # 32

A company has public certificates that are managed by AWS Certificate Manager (ACM). The certificates are either imported certificates or managed certificates from ACM with mixed validation methods. A security engineer needs to design a monitoring solution to provide alerts by email when a certificate is approaching its expiration date. What is the MOST operationally efficient way to meet this requirement? 

A. Create an AWS Lambda function to list all certificates and to go through each certificate to describe the certificate by using the AWS SDK. Filter on the NotAfter attribute and send an email notification. Use an Amazon EventBridge rate expression to schedule the Lambda function to run daily.
B. Create an Amazon CloudWatch alarm. Add all the certificate ARNs in the AWS/CertificateManager namespace to the DaysToExpiry metric. Configure the alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when the value for the DaysToExpiry metric is less than or equal to 31.
C. Set up AWS Security Hub. Turn on the AWS Foundational Security Best Practices standard with integrated ACM to send findings. Configure and use a custom action by creating a rule to match the pattern from the ACM findings on the NotBefore attribute as the event source. Create an Amazon Simple Notification Service (Amazon SNS) topic as the target.
D. Create an Amazon EventBridge rule by using a predefined pattern for ACM. Choose the metric in the ACM Certificate Approaching Expiration event as the event pattern. Create an Amazon Simple Notification Service (Amazon SNS) topic as the target.


Question # 33

A company runs workloads in the us-east-1 Region. The company has never deployed resources to other AWS Regions and does not have any multi-Region resources. The company needs to replicate its workloads and infrastructure to the us-west-1 Region. A security engineer must implement a solution that uses AWS Secrets Manager to store secrets in both Regions. The solution must use AWS Key Management Service (AWS KMS) to encrypt the secrets. The solution must minimize latency and must be able to work if only one Region is available. The security engineer uses Secrets Manager to create the secrets in us-east-1. What should the security engineer do next to meet the requirements? 

A. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using a new AWS managed KMS key in us-west-1.
B. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
C. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
D. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using the customer managed KMS key from us-east-1.


Question # 34

A company used AWS Organizations to set up an environment with multiple AWS accounts. The company's organization currently has two AWS accounts, and the company expects to add more than 50 AWS accounts during the next 12 months. The company will require all existing and future AWS accounts to use Amazon GuardDuty. Each existing AWS account has GuardDuty active. The company reviews GuardDuty findings by logging into each AWS account individually. The company wants a centralized view of the GuardDuty findings for the existing AWS accounts and any future AWS accounts. The company also must ensure that any new AWS account has GuardDuty automatically turned on. Which solution will meet these requirements? 

A. Create a new AWS account in the organization. Enable GuardDuty in the new account. Designate the new account as the delegated administrator account for GuardDuty. Configure GuardDuty to add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization.
B. Create a new AWS account in the organization. Enable GuardDuty in the new account. Enable AWS Security Hub in each account. Select the option to automatically add new AWS accounts to the organization.
C. Enable AWS Security Hub in the organization's management account. Designate the management account as the delegated administrator account for Security Hub. Add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization. Send all Security Hub findings to the organization's GuardDuty account.


Question # 35

A company has AWS accounts that are in an organization in AWS Organizations. A security engineer needs to set up AWS Security Hub in a dedicated account for security monitoring. The security engineer must ensure that Security Hub automatically manages all existing accounts and all new accounts that are added to the organization. Security Hub also must receive findings from all AWS Regions. Which combination of actions will meet these requirements with the LEAST operational overhead? (Select TWO.) 

A. Create an AWS Lambda function that routes events from other Regions to the dedicated Security Hub account. Create an Amazon EventBridge rule to invoke the Lambda function.
B. Turn on the option to automatically enable accounts for Security Hub.
C. Create an SCP that denies the securityhub:DisableSecurityHub permission. Attach the SCP to the organization's root account.
D. Configure services in other Regions to write events to an AWS CloudTrail organization trail. Configure Security Hub to read events from the trail.


Question # 36

A security engineer is creating an AWS Lambda function. The Lambda function needs to use a role that is named LambdaAuditRole to assume a role that is named AcmeAuditFactoryRole in a different AWS account. When the code is processed, the following error message appears: "An error occurred (AccessDenied) when calling the AssumeRole operation." Which combination of steps should the security engineer take to resolve this error? (Select TWO.) 

A. Ensure that LambdaAuditRole has the sts:AssumeRole permission for AcmeAuditFactoryRole.
B. Ensure that LambdaAuditRole has the AWSLambdaBasicExecutionRole managed policy attached.
C. Ensure that the trust policy for AcmeAuditFactoryRole allows the sts:AssumeRole action from LambdaAuditRole.
D. Ensure that the trust policy for LambdaAuditRole allows the sts:AssumeRole action from the lambda.amazonaws.com service.
E. Ensure that the sts:AssumeRole API call is being issued to the us-east-1 Region endpoint.


Question # 37

A systems engineer deployed containers from several custom-built images that an application team provided through a QA workflow. The systems engineer used Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type as the target platform. The systems engineer now needs to collect logs from all containers into an existing Amazon CloudWatch log group. Which solution will meet this requirement? 

A. Turn on the awslogs log driver by specifying parameters for awslogs-group and awslogs-region in the LogConfiguration property.
B. Download and configure the CloudWatch agent on the container instances.
C. Set up Fluent Bit and Fluentd as a DaemonSet to send logs to Amazon CloudWatch Logs.
D. Configure an IAM policy that includes the logs:CreateLogGroup action. Assign the policy to the container instances.


Question # 38

An Amazon EC2 Auto Scaling group launches Amazon Linux EC2 instances and installs the Amazon CloudWatch agent to publish logs to Amazon CloudWatch Logs. The EC2 instances launch with an IAM role that has an IAM policy attached. The policy provides access to publish custom metrics to CloudWatch. The EC2 instances run in a private subnet inside a VPC. The VPC provides access to the internet for private subnets through a NAT gateway. A security engineer notices that no logs are being published to CloudWatch Logs for the EC2 instances that the Auto Scaling group launches. The security engineer validates that the CloudWatch Logs agent is running and is configured properly on the EC2 instances. In addition, the security engineer validates that network communications are working properly to AWS services. What can the security engineer do to ensure that the logs are published to CloudWatch Logs? 

A. Configure the IAM policy in use by the IAM role to have access to the required cloudwatch: API actions that will publish logs.
B. Adjust the Amazon EC2 Auto Scaling service-linked role to have permissions to write to CloudWatch Logs.
C. Configure the IAM policy in use by the IAM role to have access to the required AWS logs: API actions that will publish logs.
D. Add an interface VPC endpoint to provide a route to CloudWatch Logs.


Question # 39

A company has secured the AWS account root user for its AWS account by following AWS best practices. The company also has enabled AWS CloudTrail, which is sending its logs to Amazon S3. A security engineer wants to receive notification in near-real time if a user uses the AWS account root user credentials to sign in to the AWS Management Console. Which solutions will provide this notification? (Select TWO.) 

A. Use AWS Trusted Advisor and its security evaluations for the root account. Configure an Amazon EventBridge event rule that is invoked by the Trusted Advisor API. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.
B. Use AWS IAM Access Analyzer. Create an Amazon CloudWatch Logs metric filter to evaluate log entries from Access Analyzer that detect a successful root account login. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
C. Configure AWS CloudTrail to send its logs to Amazon CloudWatch Logs. Configure a metric filter on the CloudWatch Logs log group used by CloudTrail to evaluate log entries for successful root account logins. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
D. Configure AWS CloudTrail to send log notifications to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function that parses the CloudTrail notification for root login activity and notifies a separate SNS topic that contains the endpoints that should receive notification. Subscribe the Lambda function to the SNS topic that is receiving log notifications from CloudTrail.
E. Configure an Amazon EventBridge event rule that runs when Amazon CloudWatch API calls are recorded for a successful root login. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.


Question # 40

A company needs to create a centralized solution to analyze log files. The company uses an organization in AWS Organizations to manage its AWS accounts. The solution must aggregate and normalize events from the following sources:

• The entire organization in Organizations
• All AWS Marketplace offerings that run in the company's AWS accounts
• The company's on-premises systems

Which solution will meet these requirements? 

A. Configure log streams in Amazon CloudWatch Logs for the sources that need monitoring. Create log subscription filters for each log stream. Forward the messages to Amazon OpenSearch Service for analysis.
B. Set up a delegated Amazon Security Lake administrator account in Organizations. Enable and configure Security Lake for the organization. Add the accounts that need monitoring. Use Amazon Athena to query the log data.
C. Apply an SCP to configure all member accounts and services to deliver log files to a centralized Amazon S3 bucket. Use Amazon OpenSearch Service to query the centralized S3 bucket for log entries.

