New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by samir

Page: 16 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: samir
Question 64

A distributed web application is installed across several EC2 instances in public subnets residing in two Availability Zones. Apache logs show several intermittent brute-force attacks from hundreds of IP addresses at the layer 7 level over the past six months.

What would be the BEST way to reduce the potential impact of these attacks in the future?

Options:

A.

Use custom route tables to prevent malicious traffic from routing to the instances.

B.

Update security groups to deny traffic from the originating source IP addresses.

C.

Use network ACLs.

D.

Install intrusion prevention software (IPS) on each instance.

Discussion
Question 65

A company has a few dozen application servers in private subnets behind an Elastic Load Balancer (ELB) in an IAM Auto Scaling group. The application is accessed from the web over HTTPS. The data must always be encrypted in transit. The Security Engineer is worried about potential key exposure due to vulnerabilities in the application software.

Which approach will meet these requirements while protecting the external certificate during a breach?

Options:

A.

Use a Network Load Balancer (NLB) to pass through traffic on port 443 from the internet to port 443 on the instances.

B.

Purchase an external certificate, and upload it to the IAM Certificate Manager (for use with the ELB) and to the instances. Have the ELB decrypt traffic, and route and re-encrypt with the same certificate.

C.

Generate an internal self-signed certificate and apply it to the instances. Use IAM Certificate Manager to generate a new external certificate for the ELB. Have the ELB decrypt traffic, and route and re-encrypt with the internal certificate.

D.

Upload a new external certificate to the load balancer. Have the ELB decrypt the traffic and forward it on port 80 to the instances.

Discussion
Victoria
Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.
Isabel Sep 21, 2024
Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.
Norah
Cramkey is highly recommended.
Zayan Oct 17, 2024
Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!
Joey
I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.
Dexter Aug 7, 2024
Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.
Anya
I must say they're considered the best dumps available and the questions are very similar to what you'll see in the actual exam. Recommended!!!
Cassius Nov 2, 2024
Yes, they offer a 100% success guarantee. And many students who have used them have reported passing their exams with flying colors.
Sarah
Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.
Aaliyah Aug 27, 2024
Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.
Question 66

What are the MOST secure ways to protect the IAM account root user of a recently opened IAM account? (Choose two.)

Options:

A.

Use the IAM account root user access keys instead of the IAM Management Console

B.

Enable multi-factor authentication for the IAM IAM users with the AdministratorAccess managed policy attached to them

C.

Enable multi-factor authentication for the IAM account root user

D.

Use IAM KMS to encrypt all IAM account root user and IAM IAM access keys and set automatic rotation to 30 days

E.

Do not create access keys for the IAM account root user; instead, create IAM IAM users

Discussion
Question 67

An IAM Lambda function was misused to alter data, and a Security Engineer must identify who invoked the function and what output was produced. The Engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs.

Which of the following explains why the logs are not available?

Options:

A.

The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.

B.

The Lambda function was executed by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.

C.

The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.

D.

The version of the Lambda function that was executed was not current.

Discussion
Page: 16 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99