Amazon Web Services certkiller aws Certified Specialty Scs-c01 Syllabus Exam Questions Answers by Zorawar q426 vce pdf

Page: 18 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	zorawar

Question 72

During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs.

Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)

Options:

Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.

Log in to the IAM account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the “Alerting” state and restart them using the EC2 console.

Verify that the EC2 instances have a route to the public IAM API endpoints.

Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.

Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.

Discussion

Question 73

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.

What is the most efficient way to remediate the risk of this activity?

Options:

Delete the internet gateway associated with the VPC.

Use network access control lists to block source IP addresses matching 0.0.0.0/0.

Use a host-based firewall to prevent access from all but the organization’s firewall IP.

Use IAM Config rules to detect 0.0.0.0/0 and invoke an IAM Lambda function to update the security group with the organization's firewall IP.

Discussion

Question 74

A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below

Please select:

Options:

Port 443 coming from 0.0.0.0/0

Port 443 coming from 10.0.0.0/16

Port 22 coming from 0.0.0.0/0

Port 22 coming from 203.0.113.1/32

Discussion

Question 75

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.

Pattern:

"randomID_datestamp_PII.csv"

Example:

"1234567_12302017_000-00-0000 csv"

The bucket where these objects are being stored is using server-side encryption (SSE).

Which solution is the most secure and cost-effective option to protect the sensitive data?

Options:

Remove the sensitive data from the object name, and store the sensitive data using S3 user-defined metadata.

Add an S3 bucket policy that denies the action s3:GetObject

Use a random and unique S3 object key, and create an S3 metadata index in Amazon DynamoDB using client-side encrypted attributes.

Store all sensitive objects in Binary Large Objects (BLOBS) in an encrypted Amazon RDS instance.

Discussion

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Oct 20, 2024

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah Oct 24, 2024

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Pippa

I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.

Anastasia Sep 21, 2024

You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.

Rae

I tried using Cramkey dumps for my recent certification exam and I found them to be more accurate and up-to-date compared to other dumps I've seen. Passed the exam with wonderful score.

Rayyan Sep 14, 2024

I see your point. Thanks for sharing your thoughts. I might give it a try for my next certification exam.

Marley

Hey, I heard the good news. I passed the certification exam!

Jaxson Oct 5, 2024

Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.

Page: 18 / 43

Title

Questions

Posted

amazon web services.actualtests.amazon web services scs-c01 questions answers.by serena.q53.vce.pdf

2024-11-16