New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by damir

Page: 14 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: damir
Question 56

An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported.

Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?

Options:

A.

Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream

B.

Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.

C.

Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData.

D.

Add a trust relationship to the IAM role used by the application for cloudwatch.amazonIAM.com.

Discussion
Question 57

A company stores data on an Amazon EBS volume attached to an Amazon EC2 instance. The data is asynchronously replicated to an Amazon S3 bucket. Both the EBS volume and the S3 bucket are encrypted with the same IAM KMS Customer Master Key (CMK). A former employee scheduled a deletion of that CMK before leaving the company.

The company’s Developer Operations department learns about this only after the CMK has been deleted.

Which steps must be taken to address this situation?

Options:

A.

Copy the data directly from the EBS encrypted volume before the volume is detached from the EC2 instance.

B.

Recover the data from the EBS encrypted volume using an earlier version of the KMS backing key.

C.

Make a request to IAM Support to recover the S3 encrypted data.

D.

Make a request to IAM Support to restore the deleted CMK, and use it to recover the data.

Discussion
Question 58

During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times.

What could have been done to detect and automatically remediate the incident?

Options:

A.

Using Amazon Inspector, review all of the API calls and configure the inspector agent to leverage SNS topics to notify security of the change to IAM CloudTrail, and revoke the new API keys for the root user.

B.

Using IAM Config, create a config rule that detects when IAM CloudTrail is disabled, as well as any calls to the root user create-api-key. Then use a Lambda function to re-enable CloudTrail logs and deactivate the root API keys.

C.

Using Amazon CloudWatch, create a CloudWatch event that detects IAM CloudTrail deactivation and a separate Amazon Trusted Advisor check to automatically detect the creation of root API keys. Then use a Lambda function to enable IAM CloudTrail and deactivate the root API keys.

D.

Using Amazon CloudTrail, create a new CloudTrail event that detects the deactivation of CloudTrail logs, and a separate CloudTrail event that detects the creation of root API keys. Then use a Lambda function to enable CloudTrail and deactivate the root API keys.

Discussion
Question 59

The Security Engineer is managing a web application that processes highly sensitive personal information. The application runs on Amazon EC2. The application has strict compliance requirements, which instruct that all incoming traffic to the application is protected from common web exploits and that all outgoing traffic from the EC2 instances is restricted to specific whitelisted URLs.

Which architecture should the Security Engineer use to meet these requirements?

Options:

A.

Use IAM Shield to scan inbound traffic for web exploits. Use VPC Flow Logs and IAM Lambda to restrict egress traffic to specific whitelisted URLs.

B.

Use IAM Shield to scan inbound traffic for web exploits. Use a third-party IAM Marketplace solution to restrict egress traffic to specific whitelisted URLs.

C.

Use IAM WAF to scan inbound traffic for web exploits. Use VPC Flow Logs and IAM Lambda to restrict egress traffic to specific whitelisted URLs.

D.

Use IAM WAF to scan inbound traffic for web exploits. Use a third-party IAM Marketplace solution to restrict egress traffic to specific whitelisted URLs.

Discussion
Alaya
Best Dumps among other dumps providers. I like it so much because of their authenticity.
Kaiden Sep 16, 2024
That's great. I've used other dump providers in the past and they were often outdated or had incorrect information. This time I will try it.
Victoria
Hey, guess what? I passed the certification exam! I couldn't have done it without Cramkey Dumps.
Isabel Sep 21, 2024
Same here! I was so surprised when I saw that almost all the questions on the exam were exactly what I found in their study materials.
Anaya
I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!
Nina Oct 14, 2024
It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.
Ari
Can anyone explain what are these exam dumps and how are they?
Ocean Oct 16, 2024
They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.
Page: 14 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99