Month End Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by erik

Page: 7 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: erik
Question 28

Users report intermittent availability of a web application hosted on IAM. Monitoring systems report an excess of abnormal network traffic followed by high CPU utilization on the application web tier. Which of the following techniques will improve the availability of the application? (Select TWO.)

Options:

A.

Deploy IAM WAF to block all unsecured web applications from accessing the internet.

B.

Deploy an Intrusion Detection/Prevention System (IDS/IPS) to monitor or block unusual incoming network traffic.

C.

Configure security groups to allow outgoing network traffic only from hosts that are protected with up-to-date antivirus software.

D.

Create Amazon CloudFront distribution and configure IAM WAF rules to protect the web applications from malicious traffic.

E.

Use the default Amazon VPC for externakfacing systems to allow IAM to actively block malicious network traffic affecting Amazon EC2 instances.

Discussion
Lois
I passed my exam with wonderful score. Their dumps are 100% valid and I felt confident during the exam.
Ernie Oct 29, 2024
Absolutely. The best part is, the answers in the dumps were correct. So, I felt confident and well-prepared for the exam.
Alaia
These Dumps are amazing! I used them to study for my recent exam and I passed with flying colors. The information in the dumps is so valid and up-to-date. Thanks a lot!!!
Zofia Sep 9, 2024
That's great to hear! I've been struggling to find good study material for my exam. I will ty it for sure.
Josie
I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.
Fatimah Oct 24, 2024
You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.
Atlas
What are these Dumps? Would anybody please explain it to me.
Reign Aug 14, 2024
These are exam dumps for a variety of IT certifications. They have a vast collection of updated questions and answers, which are very helpful in preparing for the exams.
Ari
Can anyone explain what are these exam dumps and how are they?
Ocean Oct 16, 2024
They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.
Question 29

A Security Engineer discovered a vulnerability in an application running on Amazon ECS. The vulnerability allowed attackers to install malicious code. Analysis of the code shows it exfiltrates data on port 5353 in batches at random time intervals.

While the code of the containers is being patched, how can Engineers quickly identify all compromised hosts and stop the egress of data on port 5353?

Options:

A.

Enable IAM Shield Advanced and IAM WAF. Configure an IAM WAF custom filter for egress traffic on port 5353

B.

Enable Amazon Inspector on Amazon ECS and configure a custom assessment to evaluate containers that have port 5353 open. Update the NACLs to block port 5353 outbound.

C.

Create an Amazon CloudWatch custom metric on the VPC Flow Logs identifying egress traffic on port 5353. Update the NACLs to block port 5353 outbound.

D.

Use Amazon Athena to query IAM CloudTrail logs in Amazon S3 and look for any traffic on port 5353. Update the security groups to block port 5353 outbound.

Discussion
Question 30

A company uses Microsoft Active Directory for access management for on-premises resources and wants to use the same mechanism for accessing its IAM accounts. Additionally, the development team plans to launch a public-facing application for which they need a separate authentication solution.

When coma nation of the following would satisfy these requirements? (Select TWO)

Options:

A.

Set up domain controllers on Amazon EC2 to extend the on-premises directory to IAM

B.

Establish network connectivity between on-premises and the user's VPC

C.

Use Amazon Cognito user pools for application authentication

D.

Use AD Connector tor application authentication.

E.

Set up federated sign-in to IAM through ADFS and SAML.

Discussion
Question 31

An organization policy states that all encryption keys must be automatically rotated every 12 months.

Which IAM Key Management Service (KMS) key type should be used to meet this requirement?

Options:

A.

IAM managed Customer Master Key (CMK)

B.

Customer managed CMK with IAM generated key material

C.

Customer managed CMK with imported key material

D.

IAM managed data key

Discussion
Page: 7 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99