A company manages and runs a critical data management application in containers that are hosted on Amazon Elastic Container Service (Amazon ECS). The application has endpoints that are exposed through Application Load Balancers (ALBs). The application uses an Amazon Elastic File System (Amazon EFS) file system mount for persistent data storage. The company has configured Amazon ECS to use a minimal IAM instance role. Which combination of actions should a solutions architect take to improve the overall security posture of the application? (Choose two.)

Topic #: - All AWS Certified Solutions Architect - Associate SAA-C02 Questions

A. Decompose the Amazon ECS IAM instance role. Use only ECS task roles.
B. Enable EFS encryption in transit to protect data that is being written to Amazon EFS. Most Voted
C. Use AWS Config to define patch management policies on the container instances.
D. Use Amazon Macie integration with Amazon EFS to monitor and protect sensitive information in the file system.
E. Use Amazon GuardDuty to authenticate data access between the ALBs and the container instances. Most Voted

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion