An organization has setup multiple 1AM users. The organization wants that each 1AM user accesses the 1AM console only within the organization and not from outside. How can it achieve this?
Attach the following SCP to the OU that contains this account:
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
* Encryption in transit
* Encryption at rest
* Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)
A financial institution has the following security requirements:
* Cloud-based users must be contained in a separate authentication domain.
* Cloud-based users cannot access on-premises systems.
As part of standing up a cloud environment, the financial institution is creating a number of Amazon managed databases and Amazon EC2 instances. An Active Directory service exists on-premises that has all the administrator accounts, and these must be able to access the databases and instances.
How would the organization manage its resources in the MOST secure manner? (Choose two.)
A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The Security team has the following requirements for the architecture:
* Data must be encrypted in transit.
* Data must be encrypted at rest.
* The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
Which combination of steps would meet the requirements? (Choose two.)