New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by ashton

Page: 25 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: ashton
Question 100

A company is undergoing a layer 3 and layer 4 DDoS attack on its web servers running on IAM.

Which combination of IAM services and features will provide protection in this scenario? (Select THREE).

Options:

A.

Amazon Route 53

B.

IAM Certificate Manager (ACM)

C.

Amazon S3

D.

IAM Shield

E.

Elastic Load Balancer

F.

Amazon GuardDuty

Discussion
Question 101

A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets. Currently, each of the company's applications is in its own IAM account, and logs are pushed into S3 buckets associated with each account. The Engineer will deploy an IAM Lambda function into each account that copies the relevant log files to the centralized S3 bucket.

The Security Engineer is unable to access the log files in the centralized S3 bucket. The Engineer's IAM user policy from the centralized account looks like this:

Questions 101

The centralized S3 bucket policy looks like this:

Questions 101

Why is the Security Engineer unable to access the log files?

Options:

A.

The S3 bucket policy does not explicitly allow the Security Engineer access to the objects in the bucket.

B.

The object ACLs are not being updated to allow the users within the centralized account to access the objects

C.

The Security Engineers IAM policy does not grant permissions to read objects in the S3 bucket

D.

The s3:PutObject and s3:PutObjectAcl permissions should be applied at the S3 bucket level

Discussion
Question 102

A business stores website images in an Amazon S3 bucket. The firm serves the photos to end users through Amazon CloudFront. The firm learned lately that the photographs are being accessible from nations in which it does not have a distribution license.

Which steps should the business take to safeguard the photographs and restrict their distribution? (Select two.)

Options:

A.

Update the S3 bucket policy to restrict access to a CloudFront origin access identity (OAI).

B.

Update the website DNS record to use an Amazon Route 53 geolocation record deny list of countries where the company lacks a license.

C.

Add a CloudFront geo restriction deny list of countries where the company lacks a license.

D.

Update the S3 bucket policy with a deny list of countries where the company lacks a license.

E.

Enable the Restrict Viewer Access option in CloudFront to create a deny list of countries where the company lacks a license.

Discussion
Question 103

A company is designing a new application stack. The design includes web servers and backend servers that are hosted on Amazon EC2 instances. The design also includes an Amazon Aurora MySQL DB cluster.

The EC2 instances are m an Auto Scaling group that uses launch templates. The EC2 instances for the web layer and the backend layer are backed by Amazon Elastic Block Store (Amazon EBS) volumes. No layers are encrypted at rest. A security engineer needs to implement encryption at rest.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Modify EBS default encryption settings in the target AWS Region to enable encryption. Use an Auto Scaling group instance refresh.

B.

Modify the launch templates for the web layer and the backend layer to add AWS Certificate Manager (ACM) encryption for the attached EBS volumes. Use an Auto Scaling group instance refresh.

C.

Create a new AWS Key Management Service (AWS KMS) encrypted DB cluster from a snapshot of the existing DB cluster.

D.

Apply AWS Key Management Service (AWS KMS) encryption to the existing DB cluster.

E.

Apply AWS Certificate Manager (ACM) encryption to the existing DB cluster.

Discussion
Sam
Can I get help from these dumps and their support team for preparing my exam?
Audrey Aug 29, 2024
Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!
Freddy
I passed my exam with flying colors and I'm confident who will try it surely ace the exam.
Aleksander Sep 26, 2024
Thanks for the recommendation! I'll check it out.
Alaya
Best Dumps among other dumps providers. I like it so much because of their authenticity.
Kaiden Sep 16, 2024
That's great. I've used other dump providers in the past and they were often outdated or had incorrect information. This time I will try it.
Hassan
Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.
Kasper Oct 20, 2024
Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.
Page: 25 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99