Amazon Web Services chinesedumps scs-c01 Exam Results by Elara q426 vce pdf

Page: 27 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	elara

Question 108

A security engineer needs to build a solution to turn IAM CloudTrail back on in multiple IAM Regions in case it is ever turned off.

What is the MOST efficient way to implement this solution?

Options:

Use IAM Config with a managed rule to trigger the IAM-EnableCloudTrail remediation.

Create an Amazon EventBridge (Amazon CloudWatch Events) event with a cloudtrail.amazonIAM.com event source and a StartLogging event name to trigger an IAM Lambda function to call the StartLogging API.

Create an Amazon CloudWatch alarm with a cloudtrail.amazonIAM.com event source and a StopLogging event name to trigger an IAM Lambda function to call the StartLogging API.

Monitor IAM Trusted Advisor to ensure CloudTrail logging is enabled.

Discussion

Question 109

A security engineer needs to see up an Amazon CloudFront distribution for an Amazon S3 bucket that hosts a static website. The security engineer must allow only specified IP addresses to access the website. The security engineer also must prevent users from accessing the website directly by using S3 URLs.

Which solution will meet these requirements?

Options:

Generate an S3 bucket policy. Specify cloudfront amazonaws com as the principal. Use the aws Sourcelp condition key to allow access only if the request conies from the specified IP addresses.

Create a CloudFront origin access identity (OAl). Create the S3 bucket policy so that only the OAl has access. Create an AWS WAF web ACL and add an IP set rule. Associate the web ACL with the CloudFront distribution.

Implement security groups to allow only the specified IP addresses access and to restrict S3 bucket access by using the CloudFront distribution.

Create an S3 bucket access point to allow access from only the CloudFront distribution. Create an AWS WAF web ACL and add an IP set rule. Associate the web ACL with the CloudFront distribution.

Discussion

Question 110

Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that the containers are secure. Which strategies will reduce the attack surface and enhance the security of the containers? (Select TWO.)

Options:

Use the containers to automate security deployments.

Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.

Segregate containers by host, function, and data classification.

Use Docker Notary framework to sign task definitions.

Enable container breakout at the host kernel.

Discussion

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus Aug 20, 2024

Me too. They're a lifesaver!

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Sep 26, 2024

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper Oct 20, 2024

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Anaya

I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!

Nina Oct 14, 2024

It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.

Question 111

A website currently runs on Amazon EC2, wan mostly statics content on the site. Recently the site was subjected to a DDoS attack a security engineer was (asked was redesigning the edge security to help

Mitigate this risk in the future.

What are some ways the engineer could achieve this (Select THREE)?

Options:

Use IAM X-Ray to inspect the trafﬁc going to the EC2 instances.

Move the static content to Amazon S3, and front this with an Amazon Cloud Front distribution.

Change the security group conﬁguration to block the source of the attack trafﬁc

Use IAM WAF security rules to inspect the inbound trafﬁc.

Use Amazon Inspector assessment templates to inspect the inbound traffic.

Use Amazon Route 53 to distribute trafﬁc.

Discussion

Page: 27 / 43

Title