A company is implementing new compliance requirements to meet customer needs. According to the new requirements, the company must not use any Amazon RDS DB instances or DB clusters that lack encryption of the underlying storage. The company needs a solution that will generate an email alert when an unencrypted DB instance or DB cluster is created. The solution also must terminate the unencrypted DB instance or DB cluster.
Which solution will meet these requirements in the MOST operationally efficient manner?

1. A. Create an AWS Config managed rule to detect unencrypted RDS storag
2. B. Configure an automatic remediation action to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscriber
3. C. Configure the Lambda function to delete the unencrypted resource.
4. D. Create an AWS Config managed rule to detect unencrypted RDS storag
5. E. Configure a manual remediation action to invoke an AWS Lambda functio
6. F. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.
7. G. Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB cluster
8. H. Configure the rule to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscriber
9. I. Configure the Lambda function to delete the unencrypted resource.
10. J. Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB cluster
11. K. Configure the rule to invoke an AWS Lambda functio
12. L. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.

Correct Answer: A

A company must immediately disable compromised IAM users across all AWS accounts and collect all actions performed by the user in the last 7 days.
Which solution will meet these requirements?

1. A. Disable the IAM user and query CloudTrail logs in Amazon S3 using Athena.
2. B. Remove IAM policies and query logs in Security Hub.
3. C. Remove permission sets and query logs using CloudWatch Logs Insights.
4. D. Disable the user in IAM Identity Center and query the organizational event data store.

Correct Answer: D

A security administrator is setting up a new AWS account. The security administrator wants to secure the data that a company stores in an Amazon S3 bucket. The security administrator also wants to reduce the chance of unintended data exposure and the potential for misconfiguration of objects that are in the S3 bucket.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Configure the S3 Block Public Access feature for the AWS account.
2. B. Configure the S3 Block Public Access feature for all objects that are in the bucket.
3. C. Deactivate ACLs for objects that are in the bucket.
4. D. Use AWS PrivateLink for Amazon S3 to access the bucket.

Correct Answer: A

A company has security requirements for Amazon Aurora MySQL databases regarding encryption, deletion protection, public access, and audit logging. The company needs continuous monitoring and real-time visibility into compliance status.
Which solution will meet these requirements?

1. A. Use AWS Audit Manager with a custom framework.
2. B. Enable AWS Config and use managed rules to monitor Aurora MySQL compliance.
3. C. Use AWS Security Hub configuration policies.
4. D. Use EventBridge and Lambda with custom metrics.

Correct Answer: B

A company needs to scan all AWS Lambda functions for code vulnerabilities.

1. A. Use Amazon Macie.
2. B. Enable Amazon Inspector Lambda scanning.
3. C. Use GuardDuty and Security Hub.
4. D. Use GuardDuty Lambda Protection.

Correct Answer: B