Multiple Choice
A Security Engineer must design a solution that enables the incident Response team to audit for changes to a user's IAM permissions in the case of a security incident. How can this be accomplished?
A) Use AWS Config to review the IAM policy assigned to users before and after the incident.
B) Run the GenerateCredentialReport via the AWS CLI, and copy the output to Amazon S3 daily for auditing purposes. Run the GenerateCredentialReport via the AWS CLI, and copy the output to Amazon S3 daily for auditing purposes.
C) Copy AWS CloudFormation templates to S3, and audit for changes from the template.
D) Use Amazon EC2 Systems Manager to deploy images, and review AWS CloudTrail logs for changes.
Correct Answer:
Verified
Correct Answer:
Verified
Q204: A company's database developer has just migrated
Q205: Due to new compliance requirements, a Security
Q206: A company plans to use custom AMIs
Q207: A company wants to control access to
Q208: A company had one of its Amazon
Q210: The AWS Systems Manager Parameter Store is
Q211: A Development team has built an experimental
Q212: An application has been written that publishes
Q213: A company is using AWS Organizations to
Q214: A company has complex connectivity rules governing