A company uses user data scripts that contain sensitive information to bootstrap Amazon EC2 instances. A Security Engineer discovers that this sensitive information is viewable by people who should not have access to it. What is the MOST secure way to protect the sensitive information used to bootstrap the instances?
A) Store the scripts in the AMI and encrypt the sensitive data using AWS KMS Use the instance role profile to control access to the KMS keys needed to decrypt the data.
B) Store the sensitive data in AWS Systems Manager Parameter Store using the encrypted string parameter and assign the GetParameters permission to the EC2 instance role.
C) Externalize the bootstrap scripts in Amazon S3 and encrypt them using AWS KMS. Remove the scripts from the instance and clear the logs after the instance is configured.
D) Block user access of the EC2 instance's metadata service using IAM policies. Remove all scripts and clear the logs after execution.
Correct Answer:
Verified
Q64: A company has a few dozen application
Q65: Which of the following are valid event
Q66: A company is building a data lake
Q67: A Security Engineer must implement mutually authenticated
Q68: The AWS Systems Manager Parameter Store is
Q70: A Security Engineer is building a Java
Q71: A Security Engineer is defining the logging
Q72: An application uses Amazon Cognito to manage
Q73: An Amazon S3 bucket is encrypted using
Q74: A Security Engineer is working with a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents