New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by richard

Page: 6 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: richard
Question 24

A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. A security audit reveals that the application does not provide end-to-end data protection or the ability to detect unauthorized data changes The software engineering team needs to make changes that will address the audit findings.

Which set of steps should the software engineering team take?

Options:

A.

Use an IAM Key Management Service (IAM KMS) CMK. Encrypt the data at rest.

B.

Use IAM Certificate Manager (ACM) Private Certificate Authority Encrypt the data in transit.

C.

Use a DynamoDB encryption client. Use client-side encryption and sign the table items

D.

Use the IAM Encryption SDK. Use client-side encryption and sign the table items.

Discussion
Question 25

A company has a VPC with an IPv6 address range and a public subnet with an IPv6 address block. The VPC currently hosts some public Amazon EC2 instances but a Security Engineer needs to migrate a second application into the VPC that also requires IPv6 connectivity.

This new application will occasionally make API requests to an external, internet-accessible endpoint to receive updates However, the Security team does not want the application's EC2 instance exposed directly to the internet The Security Engineer intends to create a private subnet with a custom route table and to associate the route table with the private subnet

What else does the Security Engineer need to do to ensure the application will not be exposed directly to the internet, but can still communicate as required''

Options:

A.

Launch a NAT instance in the public subnet Update the custom route table with a new route to the NAT instance

B.

Remove the internet gateway, and add IAM PrivateLink to the VPC Then update the custom route table with a new route to IAM PrivateLink

C.

Add a managed NAT gateway to the VPC Update the custom route table with a new route to the gateway

D.

Add an egress-only internet gateway to the VPC. Update the custom route table with a new route to the gateway

Discussion
Question 26

A company wants to encrypt the private network between its orvpremises environment and IAM. The company also wants a consistent network experience for its employees.

What should the company do to meet these requirements?

Options:

A.

Establish an IAM Direct Connect connection with IAM and set up a Direct Connect gateway. In the Direct Connect gateway configuration, enable IPsec and BGP, and then leverage native IAM network encryption between Availability Zones and Regions,

B.

Establish an IAM Direct Connect connection with IAM and set up a Direct Connect gateway. Using the Direct Connect gateway, create a private virtual interface and advertise the customer gateway private IP addresses. Create a VPN connection using the customer gateway and the virtual private gateway

C.

Establish a VPN connection with the IAM virtual private cloud over the internet

D.

Establish an IAM Direct Connect connection with IAM and establish a public virtual interface. For prefixes that need to be advertised, enter the customer gateway public IP addresses. Create a VPN connection over Direct Connect using the customer gateway and the virtual private gateway.

Discussion
Question 27

A Security Engineer for a large company is managing a data processing application used by 1,500 subsidiary companies. The parent and subsidiary companies all use IAM. The application uses TCP port 443 and runs on Amazon EC2 behind a Network Load Balancer (NLB). For compliance reasons, the application should only be accessible to the subsidiaries and should not be available on the public internet. To meet the compliance requirements for restricted access, the Engineer has received the public and private CIDR block ranges for each subsidiary

What solution should the Engineer use to implement the appropriate access restrictions for the application?

Options:

A.

Create a NACL to allow access on TCP port 443 from the 1;500 subsidiary CIDR block ranges. Associate the NACL to both the NLB and EC2 instances

B.

Create an IAM security group to allow access on TCP port 443 from the 1,500 subsidiary CIDR block ranges. Associate the security group to the NLB. Create a second security group for EC2 instances with access on TCP port 443 from the NLB security group.

C.

Create an IAM PrivateLink endpoint service in the parent company account attached to the NLB. Create an IAM security group for the instances to allow access on TCP port 443 from the IAM PrivateLink endpoint. Use IAM PrivateLink interface endpoints in the 1,500 subsidiary IAM accounts to connect to the data processing application.

D.

Create an IAM security group to allow access on TCP port 443 from the 1,500 subsidiary CIDR block ranges. Associate the security group with EC2 instances.

Discussion
Pippa
I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.
Anastasia Sep 21, 2024
You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.
Georgina
I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.
Corey Oct 2, 2024
Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?
Lennie
I passed my exam and achieved wonderful score, I highly recommend it.
Emelia Oct 2, 2024
I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!
Ava-Rose
Yes! Cramkey Dumps are amazing I passed my exam…Same these questions were in exam asked.
Ismail Sep 18, 2024
Wow, that sounds really helpful. Thanks, I would definitely consider these dumps for my certification exam.
Syeda
I passed, Thank you Cramkey for your precious Dumps.
Stella Aug 25, 2024
That's great. I think I'll give Cramkey Dumps a try.
Page: 6 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99