How can a security engineer provide the appropriate access to the EC2 instance to meet these requirements?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A company does not allow the permanent installation of SSH keys onto an Amazon Linux 2 EC2 instance.However, three employees who have IAM user accounts require access to the EC2 instance.The employees must use an SSH session to perform critical duties.How can a security engineer provide the appropriate access to the EC2 instance to meet these requirements?Read More →

Which solution will meet these requirements?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A company has two VPCs in the us-east-1 Region: vpc-1 and vpe-2.The company recently created an Amazon API Gateway REST API with the endpoint type set to PRIVATE.The company also created a VPC endpoint for the REST API in vpc-1.Resources in vpc-1 can access the REST API successfully.The company now wants to give resources in vpc-2 the ability to access the REST API.The company creates a VPC endpoint for the REST API in vpc-2, but the resources in vpc-2 cannot access the REST API.A security engineer must make the REST API accessible to resources in vpc-2 by creating a solution that provides the minimum access that is necessary.Which solution will meet these requirements?Read More →

Which solution will meet this requirement in the MOST operationally efficient manner?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A company is operating an AWS workload that consists of multiple applications that are deployed on Amazon EC2 instances.Recent changes to a security group caused connectivity issues for some application instances that use the security group.The company now needs all changes to security groups to initiate an alert to a specific company email address.Which solution will meet this requirement in the MOST operationally efficient manner?Read More →

What should the security engineer do to resolve this issue?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A security engineer is attempting to assign a virtual multi-factor authentication (MFA) device to an IAM user whose current virtual MFA device is faulty.The security engineer receives an error message that indicates that the security engineer is not authorized to perform iam:DeleteVirtualMFADevice.The IAM role that the security engineer is using has the correct permissions to delete, list, and create a virtual MFA device.The IAM user also has permissions to delete their own virtual MFA device, but only if the IAM user is authenticated with MFA.What should the security engineer do to resolve this issue?Read More →

Which combination of actions should the company take to meet these requirements?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A company has two web applications that run on Amazon EC2 and Amazon S3.The applications failed an HTTP security audit, and users are reporting latency issues.The applications need to deliver web content at low latencies while improving security and privacy for users and content providers.The company must implement a solution that does not require changes to the application code.Which combination of actions should the company take to meet these requirements? (Choose two.)Read More →

Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise?

2025-10-16
By:
In: SCS-C01
With: 1 Comment

A company’s security engineer receives an abuse notification from AWS.The notification indicates that someone is hosting malware from the company’s AWS account.After investigation, the security engineer finds a new Amazon S3 bucket that an IAM user created without authorization.Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise? (Choose three.)Read More →