Amazon Web Services certkiller aws Certified Specialty Scs-c01 Syllabus Exam Questions Answers by Zorawar q426 vce pdf

Page: 18 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	zorawar

Question 72

During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs.

Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)

Options:

Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.

Log in to the IAM account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the “Alerting” state and restart them using the EC2 console.

Verify that the EC2 instances have a route to the public IAM API endpoints.

Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.

Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.

Discussion

Question 73

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.

What is the most efficient way to remediate the risk of this activity?

Options:

Delete the internet gateway associated with the VPC.

Use network access control lists to block source IP addresses matching 0.0.0.0/0.

Use a host-based firewall to prevent access from all but the organization’s firewall IP.

Use IAM Config rules to detect 0.0.0.0/0 and invoke an IAM Lambda function to update the security group with the organization's firewall IP.

Discussion

Question 74

A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below

Please select:

Options:

Port 443 coming from 0.0.0.0/0

Port 443 coming from 10.0.0.0/16

Port 22 coming from 0.0.0.0/0

Port 22 coming from 203.0.113.1/32

Discussion

Zayaan

Successfully aced the exam… Thanks a lot for providing amazing Exam Dumps.

Harmony Sep 16, 2025

That's fantastic! I'm glad to hear that their dumps helped you. I also used them and found it accurate.

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun Sep 26, 2025

That sounds really useful. I'll definitely check it out.

Ace

No problem! I highly recommend Cramkey Dumps to anyone looking to pass their certification exams. They will help you feel confident and prepared on exam day. Good luck!

Harris Sep 15, 2025

That sounds amazing. I'll definitely check them out. Thanks for the recommendation!

Georgina

I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.

Corey Sep 22, 2025

Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?

Nia

Why are these Dumps so important for students these days?

Mary Sep 12, 2025

With the constantly changing technology and advancements in the industry, it's important for students to have access to accurate and valid study material. Cramkey Dumps provide just that. They are constantly updated to reflect the latest changes and ensure that the information is up-to-date.

Question 75

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.

Pattern:

"randomID_datestamp_PII.csv"

Example:

"1234567_12302017_000-00-0000 csv"

The bucket where these objects are being stored is using server-side encryption (SSE).

Which solution is the most secure and cost-effective option to protect the sensitive data?

Options:

Remove the sensitive data from the object name, and store the sensitive data using S3 user-defined metadata.

Add an S3 bucket policy that denies the action s3:GetObject

Use a random and unique S3 object key, and create an S3 metadata index in Amazon DynamoDB using client-side encrypted attributes.

Store all sensitive objects in Binary Large Objects (BLOBS) in an encrypted Amazon RDS instance.