Amazon Web Services nwexams ace Your Scs-c01 Aws Certified Specialty Exam by Mabli q426 vce pdf

Page: 17 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	mabli

Question 68

A company uses user data scripts that contain sensitive information to bootstrap Amazon EC2 instances. A Security Engineer discovers that this sensitive information is viewable by people who should not have access to it.

What is the MOST secure way to protect the sensitive information used to bootstrap the instances?

Options:

Store the scripts in the AMI and encrypt the sensitive data using IAM KMS Use the instance role profile to control access to the KMS keys needed to decrypt the data.

Store the sensitive data in IAM Systems Manager Parameter Store using the encrypted string parameter and assign the GetParameters permission to the EC2 instance role.

Externalize the bootstrap scripts in Amazon S3 and encrypt them using IAM KMS. Remove the scripts from the instance and clear the logs after the instance is configured.

Block user access of the EC2 instance's metadata service using IAM policies. Remove all scripts and clear the logs after execution.

Discussion

Question 69

An application uses Amazon Cognito to manage end users’ permissions when directly accessing IAM resources, including Amazon DynamoDB. A new feature request reads as follows:

Provide a mechanism to mark customers as suspended pending investigation or suspended permanently. Customers should still be able to log in when suspended, but should not be able to make changes.

The priorities are to reduce complexity and avoid potential for future security issues.

Which approach will meet these requirements and priorities?

Options:

Create a new database field “suspended_status” and modify the application logic to validate that field when processing requests.

Add suspended customers to second Cognito user pool and update the application login flow to check both user pools.

Use Amazon Cognito Sync to push out a “suspension_status” parameter and split the lAM policy into normal users and suspended users.

Move suspended customers to a second Cognito group and define an appropriate IAM access policy for the group.

Discussion

Question 70

A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password.

Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

Options:

Have a Database Administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.

Configure a scheduled job that updates the credential in IAM Systems Manager Parameter Store and notifies the Engineer that the application needs to be restarted.

Configure automatic rotation of credentials in IAM Secrets Manager.

Store the credential in an encrypted string parameter in IAM Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the IAM KMS key that is used to encrypt it.

Configure the Java application to catch a connection failure and make a call to IAM Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.

Discussion

Question 71

A company runs an application on IAM that needs to be accessed only by employees. Most employees work from the office, but others work remotely or travel.

How can the Security Engineer protect this workload so that only employees can access it?

Options:

Add each employee’s home IP address to the security group for the application so that only those users can access the workload.

Create a virtual gateway for VPN connectivity for each employee, and restrict access to the workload from within the VPC.

Use a VPN appliance from the IAM Marketplace for users to connect to, and restrict workload access to traffic from that appliance.

Route all traffic to the workload through IAM WAF. Add each employee’s home IP address into an IAM WAF rule, and block all other traffic.

Discussion

Andrew

Are these dumps helpful?

Jeremiah Oct 27, 2024

Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Aug 26, 2024

That's great to know. So, you think new students should buy these dumps?

Addison

Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.

Libby Aug 9, 2024

That's good to know. I might check it out for my next IT certification exam. Thanks for the info.

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd Oct 22, 2024

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Page: 17 / 43

Title

Questions

Posted

amazon web services.actualtests.amazon web services scs-c01 questions answers.by serena.q53.vce.pdf

2025-02-14

amazon web services.passcert.scs-c01 based on real exam environment.by cassius.q372.vce.pdf

372

2025-03-21

amazon web services.passguarantee.aws certified specialty scs-c01 updated exam.by corey.q532.vce.pdf

532

2025-03-31