New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by zorawar

Page: 18 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: zorawar
Question 72

During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs.

Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)

Options:

A.

Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.

B.

Log in to the IAM account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the “Alerting” state and restart them using the EC2 console.

C.

Verify that the EC2 instances have a route to the public IAM API endpoints.

D.

Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.

E.

Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.

Discussion
Question 73

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.

What is the most efficient way to remediate the risk of this activity?

Options:

A.

Delete the internet gateway associated with the VPC.

B.

Use network access control lists to block source IP addresses matching 0.0.0.0/0.

C.

Use a host-based firewall to prevent access from all but the organization’s firewall IP.

D.

Use IAM Config rules to detect 0.0.0.0/0 and invoke an IAM Lambda function to update the security group with the organization's firewall IP.

Discussion
Neve
Will I be able to achieve success after using these dumps?
Rohan Oct 24, 2024
Absolutely. It's a great way to increase your chances of success.
Ayesha
They are study materials that are designed to help students prepare for exams and certification tests. They are basically a collection of questions and answers that are likely to appear on the test.
Ayden Oct 16, 2024
That sounds interesting. Why are they useful? Planning this week, hopefully help me. Can you give me PDF if you have ?
Lennie
I passed my exam and achieved wonderful score, I highly recommend it.
Emelia Oct 2, 2024
I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!
Faye
Yayyyy. I passed my exam. I think all students give these dumps a try.
Emmeline Sep 12, 2024
Definitely! I have no doubt new students will find them to be just as helpful as I did.
Inaya
Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.
Cillian Oct 20, 2024
That's a big plus. I've used other dump providers in the past and the customer support was often lacking.
Question 74

A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below

Please select:

Options:

A.

Port 443 coming from 0.0.0.0/0

B.

Port 443 coming from 10.0.0.0/16

C.

Port 22 coming from 0.0.0.0/0

D.

Port 22 coming from 203.0.113.1/32

Discussion
Question 75

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.

Pattern:

"randomID_datestamp_PII.csv"

Example:

"1234567_12302017_000-00-0000 csv"

The bucket where these objects are being stored is using server-side encryption (SSE).

Which solution is the most secure and cost-effective option to protect the sensitive data?

Options:

A.

Remove the sensitive data from the object name, and store the sensitive data using S3 user-defined metadata.

B.

Add an S3 bucket policy that denies the action s3:GetObject

C.

Use a random and unique S3 object key, and create an S3 metadata index in Amazon DynamoDB using client-side encrypted attributes.

D.

Store all sensitive objects in Binary Large Objects (BLOBS) in an encrypted Amazon RDS instance.

Discussion
Page: 18 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99