Amazon Web Services examstrust amazon Web Services Scs-c01 Online Access by Amani q53 vce pdf

Page: 42 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	amani

Question 168

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below

Please select:

Options:

The EC2 instance running your WAF software is placed between your private subnets and any NATed connections to the internet.

The EC2 instance running your WAF software is placed between your public subnets and your Internet Gateway.

The EC2 instance running your WAF software is placed between your public subnets and your private subnets.

The EC2 instance running your WAF software is included in an Auto Scaling group and placed in between two Elastic load balancers.

Discussion

Question 169

Your company has defined a set of S3 buckets in IAM. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?

Please select:

Options:

Enable VPC flow logs to know the source IP addresses

Monitor the S3 API calls by using Cloudtrail logging

Monitor the S3 API calls by using Cloudwatch logging

Enable IAM Inspector for the S3 bucket

Discussion

Question 170

Your company has a set of EC2 Instances defined in IAM. They need to ensure that all traffic packets are monitored and inspected for any security threats. How can this be achieved? Choose 2 answers from the options given below

Please select:

Options:

Use a host based intrusion detection system

Use a third party firewall installed on a central EC2 instance

Use VPC Flow logs

Use Network Access control lists logging

Discussion

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Sep 26, 2024

Thanks for the recommendation! I'll check it out.

Georgina

I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.

Corey Oct 2, 2024

Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?

Honey

I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.

Antoni Oct 25, 2024

Good point. Thanks for the advice. I'll definitely keep that in mind.

Aryan

Absolutely rocked! They are an excellent investment for anyone who wants to pass the exam on the first try. They save you time and effort by providing a comprehensive overview of the exam content, and they give you a competitive edge by giving you access to the latest information. So, I definitely recommend them to new students.

Jessie Sep 28, 2024

did you use PDF or Engine? Which one is most useful?

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Aug 15, 2024

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Question 171

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?

Please select:

Options:

Encrypt the EBS volumes of the underlying EC2 Instances

Use IAM KMS Customer Default master key

Use SSL/TLS for encrypting the data

Use S3 Encryption