New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by mabli

Page: 17 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: mabli
Question 68

A company uses user data scripts that contain sensitive information to bootstrap Amazon EC2 instances. A Security Engineer discovers that this sensitive information is viewable by people who should not have access to it.

What is the MOST secure way to protect the sensitive information used to bootstrap the instances?

Options:

A.

Store the scripts in the AMI and encrypt the sensitive data using IAM KMS Use the instance role profile to control access to the KMS keys needed to decrypt the data.

B.

Store the sensitive data in IAM Systems Manager Parameter Store using the encrypted string parameter and assign the GetParameters permission to the EC2 instance role.

C.

Externalize the bootstrap scripts in Amazon S3 and encrypt them using IAM KMS. Remove the scripts from the instance and clear the logs after the instance is configured.

D.

Block user access of the EC2 instance's metadata service using IAM policies. Remove all scripts and clear the logs after execution.

Discussion
Question 69

An application uses Amazon Cognito to manage end users’ permissions when directly accessing IAM resources, including Amazon DynamoDB. A new feature request reads as follows:

Provide a mechanism to mark customers as suspended pending investigation or suspended permanently. Customers should still be able to log in when suspended, but should not be able to make changes.

The priorities are to reduce complexity and avoid potential for future security issues.

Which approach will meet these requirements and priorities?

Options:

A.

Create a new database field “suspended_status” and modify the application logic to validate that field when processing requests.

B.

Add suspended customers to second Cognito user pool and update the application login flow to check both user pools.

C.

Use Amazon Cognito Sync to push out a “suspension_status” parameter and split the lAM policy into normal users and suspended users.

D.

Move suspended customers to a second Cognito group and define an appropriate IAM access policy for the group.

Discussion
Peyton
Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.
Coby Sep 6, 2024
Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.
Nell
Are these dumps reliable?
Ernie Oct 10, 2024
Yes, very much so. Cramkey Dumps are created by experienced and certified professionals who have gone through the exams themselves. They understand the importance of providing accurate and relevant information to help you succeed.
Carson
Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.
Rufus Aug 20, 2024
Me too. They're a lifesaver!
Norah
Cramkey is highly recommended.
Zayan Oct 17, 2024
Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!
Annabel
I recently used them for my exam and I passed it with excellent score. I am impressed.
Amirah Oct 28, 2024
I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.
Question 70

A Security Engineer is building a Java application that is running on Amazon EC2. The application communicates with an Amazon RDS instance and authenticates with a user name and password.

Which combination of steps can the Engineer take to protect the credentials and minimize downtime when the credentials are rotated? (Choose two.)

Options:

A.

Have a Database Administrator encrypt the credentials and store the ciphertext in Amazon S3. Grant permission to the instance role associated with the EC2 instance to read the object and decrypt the ciphertext.

B.

Configure a scheduled job that updates the credential in IAM Systems Manager Parameter Store and notifies the Engineer that the application needs to be restarted.

C.

Configure automatic rotation of credentials in IAM Secrets Manager.

D.

Store the credential in an encrypted string parameter in IAM Systems Manager Parameter Store. Grant permission to the instance role associated with the EC2 instance to access the parameter and the IAM KMS key that is used to encrypt it.

E.

Configure the Java application to catch a connection failure and make a call to IAM Secrets Manager to retrieve updated credentials when the password is rotated. Grant permission to the instance role associated with the EC2 instance to access Secrets Manager.

Discussion
Question 71

A company runs an application on IAM that needs to be accessed only by employees. Most employees work from the office, but others work remotely or travel.

How can the Security Engineer protect this workload so that only employees can access it?

Options:

A.

Add each employee’s home IP address to the security group for the application so that only those users can access the workload.

B.

Create a virtual gateway for VPN connectivity for each employee, and restrict access to the workload from within the VPC.

C.

Use a VPN appliance from the IAM Marketplace for users to connect to, and restrict workload access to traffic from that appliance.

D.

Route all traffic to the workload through IAM WAF. Add each employee’s home IP address into an IAM WAF rule, and block all other traffic.

Discussion
Page: 17 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99