Month End Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by safaa

Page: 8 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: safaa
Question 32

A company Is trying to replace its on-premises bastion hosts used to access on-premises Linux servers with IAM Systems Manager Session Manager. A security engineer has installed the Systems Manager Agent on all servers. The security engineer verifies that the agent is running on all the servers, but Session Manager cannot connect to them. The security engineer needs to perform verification steps before Session Manager will work on the servers.

Which combination of steps should the security engineer perform? (Select THREE.)

Options:

A.

Open inbound port 22 to 0 0.0.0/0 on all Linux servers.

B.

Enable the advanced-instances tier in Systems Manager.

C.

Create a managed-instance activation for the on-premises servers.

D.

Reconfigure the Systems Manager Agent with the activation code and ID.

E.

Assign an IAM role to all of the on-premises servers.

F.

Initiate an inventory collection with Systems Manager on the on-premises servers

Discussion
Question 33

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.

How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

Options:

A.

Configure the application’s EC2 instances to use NAT gateways for all inbound traffic.

B.

Move the web servers to private subnets without public IP addresses.

C.

Configure IAM WAF to provide DDoS attack protection for the ALB.

D.

Require all inbound network traffic to route through a bastion host in the private subnet.

E.

Require all inbound and outbound network traffic to route through an IAM Direct Connect connection.

Discussion
Stefan
Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.
Ocean Aug 31, 2024
Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.
Hendrix
Great website with Great Exam Dumps. Just passed my exam today.
Luka Aug 31, 2024
Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.
Melody
My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.
Colby Aug 17, 2024
Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.
Amy
I passed my exam and found your dumps 100% relevant to the actual exam.
Lacey Aug 9, 2024
Yeah, definitely. I experienced the same.
Question 34

A company is developing a new mobile app for social media sharing. The company's development team has decided to use Amazon S3 to store at media files generated by mobile app users The company wants to allow users to control whether their own tiles are public, private, of shared with other users in their social network

what should the development team do to implement the type of access control with the LEAST administrative effort?

Options:

A.

Use individual ACLs on each S3 object.

B.

Use IAM groups tor sharing files between application social network users

C.

Store each user's files in a separate S3 bucket and apery a bucket policy based on the user's sharing settings

D.

Generate presigned UPLs for each file access

Discussion
Question 35

A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2" 16 objects Any encryption key must be generated on a FlPS-validated hardware security module (HSM). The company is cost-conscious, as plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers

When approach MOST efficiently meets the company's needs?

Options:

A.

Use the IAM Encryption SDK and set the maximum age to 10 days and the minimum number of messages encrypted to 3" 16. Use IAM Key Management Service (IAM KMS) to generate the master key and data key Use data key caching with the Encryption SDk during the encryption process.

B.

Use IAM Key Management Service (IAM KMS) to generate an IAM managed CMK. Then use Amazon S3 client-side encryption configured to automatically rotate with every object

C.

Use IAM CloudHSM to generate the master key and data keys. Then use Boto 3 and Python to locally encrypt data before uploading the object Rotate the data key every 10 days or after 2" 16 objects have been Uploaded to Amazon 33

D.

Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the master key to automatically rotate.

Discussion
Page: 8 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99