Amazon Web Services certkiller aws Certified Specialty Scs-c01 Syllabus Exam Questions Answers by Zorawar q426 vce pdf

Page: 18 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	zorawar

Question 72

During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs.

Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)

Options:

Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.

Log in to the IAM account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the “Alerting” state and restart them using the EC2 console.

Verify that the EC2 instances have a route to the public IAM API endpoints.

Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.

Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.

Discussion

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Aug 26, 2024

That's great to know. So, you think new students should buy these dumps?

Alaya

Best Dumps among other dumps providers. I like it so much because of their authenticity.

Kaiden Sep 16, 2024

That's great. I've used other dump providers in the past and they were often outdated or had incorrect information. This time I will try it.

Norah

Cramkey is highly recommended.

Zayan Oct 17, 2024

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Sep 13, 2024

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Question 73

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.

What is the most efficient way to remediate the risk of this activity?

Options:

Delete the internet gateway associated with the VPC.

Use network access control lists to block source IP addresses matching 0.0.0.0/0.

Use a host-based firewall to prevent access from all but the organization’s firewall IP.

Use IAM Config rules to detect 0.0.0.0/0 and invoke an IAM Lambda function to update the security group with the organization's firewall IP.

Discussion

Question 74

A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below

Please select:

Options:

Port 443 coming from 0.0.0.0/0

Port 443 coming from 10.0.0.0/16

Port 22 coming from 0.0.0.0/0

Port 22 coming from 203.0.113.1/32

Discussion

Question 75

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.

Pattern:

"randomID_datestamp_PII.csv"

Example:

"1234567_12302017_000-00-0000 csv"

The bucket where these objects are being stored is using server-side encryption (SSE).

Which solution is the most secure and cost-effective option to protect the sensitive data?

Options:

Remove the sensitive data from the object name, and store the sensitive data using S3 user-defined metadata.

Add an S3 bucket policy that denies the action s3:GetObject

Use a random and unique S3 object key, and create an S3 metadata index in Amazon DynamoDB using client-side encrypted attributes.

Store all sensitive objects in Binary Large Objects (BLOBS) in an encrypted Amazon RDS instance.