Amazon Web Services certsexpert aws Certified Specialty Scs-c01 Amazon Web Services Study Notes by Mimi q479 vce pdf

Page: 19 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	mimi

Question 76

During a recent security audit, it was discovered that multiple teams in a large organization have placed restricted data in multiple Amazon S3 buckets, and the data may have been exposed. The auditor has requested that the organization identify all possible objects that contain personally identifiable information (PII) and then determine whether this information has been accessed.

What solution will allow the Security team to complete this request?

Options:

Using Amazon Athena, query the impacted S3 buckets by using the PII query identifier function. Then, create a new Amazon CloudWatch metric for Amazon S3 object access to alert when the objects are accessed.

Enable Amazon Macie on the S3 buckets that were impacted, then perform data classification. For identified objects that contain PII, use the research function for auditing IAM CloudTrail logs and S3 bucket logs for GET operations.

Enable Amazon GuardDuty and enable the PII rule set on the S3 buckets that were impacted, then perform data classification. Using the PII findings report from GuardDuty, query the S3 bucket logs by using Athena for GET operations.

Enable Amazon Inspector on the S3 buckets that were impacted, then perform data classification. For identified objects that contain PII, query the S3 bucket logs by using Athena for GET operations.

Discussion

Question 77

A company has Windows Amazon EC2 instances in a VPC that are joined to on-premises Active Directory servers for domain services. The security team has enabled Amazon GuardDuty on the IAM account to alert on issues with the instances.

During a weekly audit of network traffic, the Security Engineer notices that one of the EC2 instances is attempting to communicate with a known command-and-control server but failing. This alert does not show up in GuardDuty.

Why did GuardDuty fail to alert to this behavior?

Options:

GuardDuty did not have the appropriate alerts activated.

GuardDuty does not see these DNS requests.

GuardDuty only monitors active network traffic flow for command-and-control activity.

GuardDuty does not report on command-and-control activity.

Discussion

Question 78

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The IT Security department has a suspicion that a DDos attack is coming from a suspecting IP. How can you protect the subnets from this attack?

Please select:

Options:

Change the Inbound Security Groups to deny access from the suspecting IP

Change the Outbound Security Groups to deny access from the suspecting IP

Change the Inbound NACL to deny access from the suspecting IP

Change the Outbound NACL to deny access from the suspecting IP

Discussion

Question 79

An application outputs logs to a text file. The logs must be continuously monitored for security incidents.

Which design will meet the requirements with MINIMUM effort?

Options:

Create a scheduled process to copy the component’s logs into Amazon S3. Use S3 events to trigger a Lambda function that updates Amazon CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.

Install and configure the Amazon CloudWatch Logs agent on the application’s EC2 instance. Create a CloudWatch metric filter to monitor the application logs. Set up CloudWatch alerts based on the metrics.

Create a scheduled process to copy the application log files to IAM CloudTrail. Use S3 events to trigger Lambda functions that update CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.

Create a file watcher that copies data to Amazon Kinesis when the application writes to the log file. Have Kinesis trigger a Lambda function to update Amazon CloudWatch metrics with the log data. Set up CloudWatch alerts based on the metrics.

Discussion

Sarah

Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.

Aaliyah Aug 27, 2024

Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby Sep 6, 2024

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Aliza

I used these dumps for my recent certification exam and I can say with certainty that they're absolutely valid dumps. The questions were very similar to what came up in the actual exam.

Jakub Sep 22, 2024

That's great to hear. I am going to try them soon.

Osian

Dumps are fantastic! I recently passed my certification exam using these dumps and I must say, they are 100% valid.

Azaan Aug 8, 2024

They are incredibly accurate and valid. I felt confident going into my exam because the dumps covered all the important topics and the questions were very similar to what I saw on the actual exam. The team of experts behind Cramkey Dumps make sure the information is relevant and up-to-date.

Page: 19 / 43

Title

Questions

Posted

amazon web services.actualtests.amazon web services scs-c01 questions answers.by serena.q53.vce.pdf

2024-12-26

amazon web services.passcert.scs-c01 based on real exam environment.by cassius.q372.vce.pdf

372

2025-01-31

amazon web services.passguarantee.aws certified specialty scs-c01 updated exam.by corey.q532.vce.pdf

532

2025-01-12