New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by safaa

Page: 8 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: safaa
Question 32

A company Is trying to replace its on-premises bastion hosts used to access on-premises Linux servers with IAM Systems Manager Session Manager. A security engineer has installed the Systems Manager Agent on all servers. The security engineer verifies that the agent is running on all the servers, but Session Manager cannot connect to them. The security engineer needs to perform verification steps before Session Manager will work on the servers.

Which combination of steps should the security engineer perform? (Select THREE.)

Options:

A.

Open inbound port 22 to 0 0.0.0/0 on all Linux servers.

B.

Enable the advanced-instances tier in Systems Manager.

C.

Create a managed-instance activation for the on-premises servers.

D.

Reconfigure the Systems Manager Agent with the activation code and ID.

E.

Assign an IAM role to all of the on-premises servers.

F.

Initiate an inventory collection with Systems Manager on the on-premises servers

Discussion
Question 33

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.

How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

Options:

A.

Configure the application’s EC2 instances to use NAT gateways for all inbound traffic.

B.

Move the web servers to private subnets without public IP addresses.

C.

Configure IAM WAF to provide DDoS attack protection for the ALB.

D.

Require all inbound network traffic to route through a bastion host in the private subnet.

E.

Require all inbound and outbound network traffic to route through an IAM Direct Connect connection.

Discussion
Question 34

A company is developing a new mobile app for social media sharing. The company's development team has decided to use Amazon S3 to store at media files generated by mobile app users The company wants to allow users to control whether their own tiles are public, private, of shared with other users in their social network

what should the development team do to implement the type of access control with the LEAST administrative effort?

Options:

A.

Use individual ACLs on each S3 object.

B.

Use IAM groups tor sharing files between application social network users

C.

Store each user's files in a separate S3 bucket and apery a bucket policy based on the user's sharing settings

D.

Generate presigned UPLs for each file access

Discussion
Question 35

A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2" 16 objects Any encryption key must be generated on a FlPS-validated hardware security module (HSM). The company is cost-conscious, as plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers

When approach MOST efficiently meets the company's needs?

Options:

A.

Use the IAM Encryption SDK and set the maximum age to 10 days and the minimum number of messages encrypted to 3" 16. Use IAM Key Management Service (IAM KMS) to generate the master key and data key Use data key caching with the Encryption SDk during the encryption process.

B.

Use IAM Key Management Service (IAM KMS) to generate an IAM managed CMK. Then use Amazon S3 client-side encryption configured to automatically rotate with every object

C.

Use IAM CloudHSM to generate the master key and data keys. Then use Boto 3 and Python to locally encrypt data before uploading the object Rotate the data key every 10 days or after 2" 16 objects have been Uploaded to Amazon 33

D.

Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the master key to automatically rotate.

Discussion
Ivan
I tried these dumps for my recent certification exam and I found it pretty helpful.
Elis Sep 17, 2024
Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.
Anaya
I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!
Nina Oct 14, 2024
It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.
Andrew
Are these dumps helpful?
Jeremiah Oct 27, 2024
Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!
Wyatt
Passed my exam… Thank you so much for your excellent Exam Dumps.
Arjun Sep 18, 2024
That sounds really useful. I'll definitely check it out.
Page: 8 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99