AWS Certified Security Specialty SCS-C01 Exam Updated Dumps

AWS Certified Security Specialty SCS-C01 Exam Updated Dumps

Are you worried about your SCS-C01 exam? AWS Certified Security – Specialty (SCS-C01) exam is intended for individuals who perform a security role. The exam validates a candidate’s ability to effectively demonstrate knowledge about securing the AWS platform. The latest updated CS-C01 practice tests help you know about the AWS Certified Security Specialty exam layout and topics. You can practice the actual test questions in the SCS-C01 section online first.

Test yourself with these SCS-C01 practice exam questions now!

Page 1 of 12

1. For compliance rea s ons, an org a nization limits the use of r esources to three spe c ific A WS regions. I t wants to be alerted w h en any resources a r e launched in un a p p ro v ed regi ons .

Which of the following approaches will provide aler t s on any resources launched in an u n app r oved regio n ?

2. An appl ic ation has b een built w ith Amazon E C 2 instances t h a t retrieve messages from Amazon SQS. Recentl y , IAM changes were ma d e and the instances can no long e r retrieve messages.

What actions should be taken to troubleshoot the issue while maintaining lea s t privilege. ( S elect two.) A. Configure and assign an M F A de v ice to the role used by the i nstances.

B. V erify that the SQS resource policy does not explicitly deny a cce s s to the role used by the instances. C. V erify that the access key a ttached to the role used by the instances is active.

D. Attach the AmazonSQSFullAcce s s manag e d po l icy to the role u s ed by t h e instances.

E. V erify that the role attached to the instances c o ntains policies that allow a ccess to the que u e.

3. Auditors tor a health care compa n y have mandated mat all d a ta volumes be en c rypted at rest Infrastructure is deployed mainly via A WS CloudFormation h o wever third- p arty frameworks and manual deployment are re q uir e d on some legacy systems.

What is the BEST way to monito r , on a recurring basis, whether all EBS volumes are e nc rypted?

4. A compa n y uses HTTP Live Streaming (HLS) to stream live video content to paying subscribers by using Amazon CloudF r on t . HLS sp l its the video content into ch u nks so that the user can request the right chunk based on di f ferent conditions Because the video events l a st for several hours, the total video is made up of thou s ands of chunks

The origin U RL is not disclosed and every user is forced to access the CloudFront URL The compa n y h a s a web a pplication that authenticates the paying us e rs against an internal r e p os itory and a CloudF r ont key pair that is already issued.

What is the simplest and MOST e f fect i ve way to p r otect the content?

5. An appl ic ation runn in g on EC2 instances p rocesses sensitive information stored on Amazon S3. The information is accessed o v er the Internet. The se c urity team i s concerned t h at the Int e rnet connectivity to Amazon S3 is a s e curity r isk.

Which solut i on will resolve the security concern? A. Access t h e data thro u gh an Inter n et Gatewa y . B. Access t h e data thro u gh a VPN c o nnection.

C. Acc e ss the data thro u gh a N A T Gatewa y .

D. Acc e ss the data through a VPC endpoint for Amazon S3

6. An A WS account administrator created an IAM gro u p and a pplied the following man a ged policy to requi r e that each individ u al user auth e nticate u s ing multi-fac t or authentication:

After implementing the p o lic y , t he administrator receives reports t hat users are unable to p e rform Amazon

EC2 commands using the A WS CLI.

What should the administrator do to r es olve this problem while still enforcing multi-f a ctor authentication? A. Change the value of aws Mu l tiFactorAuthPresent to true.

B. I n struct u s ers to run the aws s t s ge t -session-to k en CLI command and pa ss the multi-factor authentication ―serial-n u mber and ― t oken-code p arameters. Use these resulting values to make API/CLI c alls

C. Implement federated API/CLI ac c ess using SAML 2.0, then con f igure the i dentity provider to enforce multi-factor a uthentication.

D. Create a r ole and enf or ce mu l ti-factor authentic a tion in the role trust poli c y Instru c t use r s to run the s ts assume-role CLI command and pass --serial-num be r and ―token-code p a r a meters Store the resulting values in environment variables. Add s t s: A ssumeRole to NotAc tio n in the polic y .

7. Some h i ghly sensitive analyti c s workloads are to be moved t o Amazon EC2 hosts. T h reat modeli n g has found that a risk exists where a subnet could be malicious l y or accidentally expo s ed to the interne t . Which of the following mitigations should be recommende d ?

8. A comp a ny needs a forensic- l ogg i ng solution for hu n dreds of applications running in Docker on Amazon EC2. The solution must perform real-time analytics on the togs must support the replay of messages a nd must persist the logs.

Which A WS services should be u s ed to meet these requirements? ( Select T WO) A. Amazon Athena

B. Amazon Kinesis

C. Amazon SQS

D. Amazon Elasticsearch

E. Amazon EMR

9. Y our cu r rent setup in A WS con s ists of the following architecture. 2 public subnets, o n e subnet wh i ch has the web servers acc e ssed by u se r s across the internet and t he other subnet for the database serve r . Which of the following ch a nges to the architecture would add a b etter security boun d ary to the resourc e s hosted in your setup

10. A Security Administrator at a university is confi g uring a fleet of Amazon EC2 instances. The EC2 instances a r e shared a m ong studen t s, and non- ro ot SSH access is allowed. The Administrator is concerned a bout students att a ck i ng o ther A WS account resou r ces by using the EC2 instance metad a ta service.

What can the Administrator do to pro t ect against this potential attack? A. Disable t h e EC2 instance metadata service.

B. Log all student SSH interactive session activit y .

C. Implement ip tables-based r e stricti o ns on the in s tances. D. Install the Amazon Ins p e c tor agent on the instances.


Share this post

Leave a Reply

Your email address will not be published.