Amazon Web Services Updated SCS-C01 Exam Questions and Answers by kyan

The IAM Documentation mentions the following

IAM WAF is a web application firewall that helps detect and block malicious web requests targeted at your web applications. IAM WAF allows you to create rules that can help protect against common web exploits like SQL injection and cross-site scripting. With IAM WAF you first identify the resource (either an Amazon CloudFront distribution or an Application Load Balancer) that you need to protect.

Option A is invalid because this will only give advise on how you can better the security in your IAM account but not protect against threats mentioned in the question.

Option C is invalid because this can be used to scan EC2 Instances for vulnerabilities but not protect against threats mentioned in the question.

Option D is invalid because this can be used to check config changes but not protect against threats mentioned in the quest

For more information on IAM WAF, please visit the following URL:

https://IAM.amazon.com/waf/details;

The correct answer is: IAM WAF

Submit your Feedback/Queries to our Experts

"automatic key rotation has no effect on the data that the CMK protects. It does not rotate the data keys that the CMK generated or re-encrypt any data protected by the CMK, and it will not mitigate the effect of a compromised data key. You might decide to create a new CMK and use it in place of the original CMK. This has the same effect as rotating the key material in an existing CMK, so it's often thought of as manually rotating the key." https://docs.a ws.amazon.com/kms/latest/developerguide/rotate-keys.html

https://docs.IAM.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually for IAM standards

A year's time is generally too long a gap for conducting security audits

The IAM Documentation mentions the following

You should audit your security configuration in the following situations:

On a periodic basis.

If there are changes in your organization, such as people leaving.

If you have stopped using one or more individual IAM services. This is important for removing permissions that users in your account no longer need.

If you've added or removed software in your accounts, such as applications on Amazon EC2 instances, IAM OpsWor stacks, IAM CloudFormation templates, etc.

If you ever suspect that an unauthorized person might have accessed your account.

Option B, C and D are all the right ways and recommended best practices when it comes to conducting audits For more information on Security Audit guideline, please visit the below URL:

https://docs.IAM.amazon.com/eeneral/latest/gr/IAM-security-audit-euide.html

The correct answer is: Conduct an audit on a yearly basis Submit your Feedback/Queries to our Experts