SCS-C01 Questions Bank

in every IAM account, configure IAM Lambda to query me IAM Support API tor IAM Trusted Advisor security checks Send the results from Lambda to an Amazon SNS topic to send reports.

Configure Amazon GuardDuty in a master account and invite all other accounts to be managed by the master account Use GuardDuty's integration with Amazon SNS to report on findings

Use Amazon Athena and Amazon QuickSight to build reports off of IAM CloudTrail Create a daily Amazon CloudWatch trigger to run the report dally and email It using Amazon SNS

Use IAM Artifact's prebuilt reports and subscriptions Subscribe the Director of Information Security to the reports by adding the Director as the security alternate contact tor each account

The EC2 instance role does not have decrypt permissions on the IAM Key Management Sen/ice (IAM KMS) key used to encrypt the secret

The EC2 instance role does not have read permissions to read the parameters In Parameter Store

Parameter Store does not have permission to use IAM Key Management Service (IAM KMS) to decrypt the parameter

The EC2 instance role does not have encrypt permissions on the IAM Key Management Service (IAM KMS) key associated with the secret

The EC2 instance does not have any tags associated.

Create a NACL to allow access on TCP port 443 from the 1;500 subsidiary CIDR block ranges. Associate the NACL to both the NLB and EC2 instances

Create an IAM security group to allow access on TCP port 443 from the 1,500 subsidiary CIDR block ranges. Associate the security group to the NLB. Create a second security group for EC2 instances with access on TCP port 443 from the NLB security group.

Create an IAM PrivateLink endpoint service in the parent company account attached to the NLB. Create an IAM security group for the instances to allow access on TCP port 443 from the IAM PrivateLink endpoint. Use IAM PrivateLink interface endpoints in the 1,500 subsidiary IAM accounts to connect to the data processing application.

Create an IAM security group to allow access on TCP port 443 from the 1,500 subsidiary CIDR block ranges. Associate the security group with EC2 instances.

Configuring IAM Organizations to monitor root user API calls on the paying account

Creating an Amazon CloudWatch Events rule that will trigger when any API call from the root user is reported

Configuring Amazon Inspector to scan the IAM account for any root user activity

Configuring IAM Trusted Advisor to send an email to the Security team when the root user logs in to the console

Using Amazon SNS to notify the target group