Amazon Web Services dumpsboss changed Scs-c01 Exam Questions by Erik q319 vce pdf

Page: 7 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	erik

Question 28

Users report intermittent availability of a web application hosted on IAM. Monitoring systems report an excess of abnormal network traffic followed by high CPU utilization on the application web tier. Which of the following techniques will improve the availability of the application? (Select TWO.)

Options:

Deploy IAM WAF to block all unsecured web applications from accessing the internet.

Deploy an Intrusion Detection/Prevention System (IDS/IPS) to monitor or block unusual incoming network traffic.

Configure security groups to allow outgoing network traffic only from hosts that are protected with up-to-date antivirus software.

Create Amazon CloudFront distribution and configure IAM WAF rules to protect the web applications from malicious traffic.

Use the default Amazon VPC for externakfacing systems to allow IAM to actively block malicious network traffic affecting Amazon EC2 instances.

Discussion

Question 29

A Security Engineer discovered a vulnerability in an application running on Amazon ECS. The vulnerability allowed attackers to install malicious code. Analysis of the code shows it exfiltrates data on port 5353 in batches at random time intervals.

While the code of the containers is being patched, how can Engineers quickly identify all compromised hosts and stop the egress of data on port 5353?

Options:

Enable IAM Shield Advanced and IAM WAF. Configure an IAM WAF custom filter for egress traffic on port 5353

Enable Amazon Inspector on Amazon ECS and configure a custom assessment to evaluate containers that have port 5353 open. Update the NACLs to block port 5353 outbound.

Create an Amazon CloudWatch custom metric on the VPC Flow Logs identifying egress traffic on port 5353. Update the NACLs to block port 5353 outbound.

Use Amazon Athena to query IAM CloudTrail logs in Amazon S3 and look for any traffic on port 5353. Update the security groups to block port 5353 outbound.

Discussion

Question 30

A company uses Microsoft Active Directory for access management for on-premises resources and wants to use the same mechanism for accessing its IAM accounts. Additionally, the development team plans to launch a public-facing application for which they need a separate authentication solution.

When coma nation of the following would satisfy these requirements? (Select TWO)

Options:

Set up domain controllers on Amazon EC2 to extend the on-premises directory to IAM

Establish network connectivity between on-premises and the user's VPC

Use Amazon Cognito user pools for application authentication

Use AD Connector tor application authentication.

Set up federated sign-in to IAM through ADFS and SAML.

Discussion

Question 31

An organization policy states that all encryption keys must be automatically rotated every 12 months.

Which IAM Key Management Service (KMS) key type should be used to meet this requirement?

Options:

IAM managed Customer Master Key (CMK)

Customer managed CMK with IAM generated key material

Customer managed CMK with imported key material

IAM managed data key

Discussion

Faye

Yayyyy. I passed my exam. I think all students give these dumps a try.

Emmeline Sep 12, 2024

Definitely! I have no doubt new students will find them to be just as helpful as I did.

Ace

No problem! I highly recommend Cramkey Dumps to anyone looking to pass their certification exams. They will help you feel confident and prepared on exam day. Good luck!

Harris Oct 31, 2024

That sounds amazing. I'll definitely check them out. Thanks for the recommendation!

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Aug 26, 2024

That's great to know. So, you think new students should buy these dumps?

Victoria

Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.

Isabel Sep 21, 2024

Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Aug 29, 2024

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Page: 7 / 43

Title

Questions

Posted

amazon web services.actualtests.amazon web services scs-c01 questions answers.by serena.q53.vce.pdf

2024-12-29

amazon web services.passcert.scs-c01 based on real exam environment.by cassius.q372.vce.pdf

372

2024-12-24

amazon web services.passguarantee.aws certified specialty scs-c01 updated exam.by corey.q532.vce.pdf

532

2024-12-20