Amazon Web Services Updated SCS-C01 Exam Questions and Answers by carson

The IAM Documentation mentions the following

By default the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3)

Option B,C and D are all invalid because by default all logs are encrypted when they sent by Cloudtrail to S3 buckets

For more information on IAM Cloudtrail log encryption, please visit the following URL:

https://docs.IAM.amazon.com/IAMcloudtrail/latest/usereuide/encryptine-cloudtrail-loe-files-with-IAM-kms.htmll

The correct answer is: Don't do anything since CloudTrail logs are automatically encrypted. Submit your Feedback/Queries to our Experts

The IAM Documentation mentions the following

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Facebook or Amazon, and through SAML identity providers. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.

User pools provide:

Sign-up and sign-in services.

A built-in, customizable web Ul to sign in users.

Social sign-in with Facebook, Google, and Login with Amazon, as well as sign-in with SAML identity providers from your user

pool.

User directory management and user profiles.

Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.

Customized workflows and user migration through IAM Lambda triggers.

Options A and B are invalid because these are not used to manage users

Option D is invalid because this would be a maintenance overhead

For more information on Cognito User Identity pools, please refer to the below Link:

https://docs.IAM.amazon.com/coenito/latest/developerguide/cognito-user-identity-pools.html

The correct answer is: Use IAM Cognito to manage the user profiles Submit your Feedback/Queries to our Experts

The IAM Documentation mentions the following

You can create a load balancer that listens on both the HTTP (80) and HTTPS (443) ports. If you specify that the HTTPS listener sends requests to the instances on port 80, the load balancer terminates the requests and communication from the load balancer to the instances is not encrypted, if the HTTPS listener sends requests to the instances on port 443, communication from the load balancer to the instances is encrypted.

Option A is invalid because there is a need for secure traffic, so port 80 should not be used

Option D is invalid because for the HTTPS listener you need to use port 443

For more information on HTTPS with ELB, please refer to the below Link:

https://docs.IAM.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.htmll

The correct answers are: Ensure the load balancer listens on port 443, Ensure the HTTPS listener sends requests to the instances on port 443

Submit your Feedback/Queries to our Experts

This is given in the IAM Documentation Creating a Key Pair

You can use Amazon EC2 to create your key pair. For more information, see Creating a Key Pair Using Amazon EC2.

Alternatively, you could use a third-party tool and then import the public key to Amazon EC2. For more information, see Importing Your Own Public Key to Amazon EC2.

Option B is Correct, because you can use the IAM CLI to create a new key pair 1 https://docs.IAM.amazon.com/cli/latest/userguide/cli-ec2-keypairs.html

Option D is invalid because the public key needs to be stored in the EC2 Instance For more information on EC2 Key pairs, please visit the below URL:

* https://docs.IAM.amazon.com/IAMEC2/latest/UserGuide/ec2-key-pairs

The correct answers are: Use a third party tool to create the Key pair. Create a new key pair using the IAM CLI, Import the public key into EC2

Submit your Feedback/Queries to our Experts