Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by ameera

Page: 9 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: ameera
Question 36

A company has a website with an Amazon CloudFront HTTPS distribution, an Application Load Balancer (ALB) with multiple web instances for dynamic website content, and an Amazon S3 bucket for static website content. The company's security engineer recently updated the website security requirements:

• HTTPS needs to be enforced for all data in transit with specific ciphers.

• The CloudFront distribution needs to be accessible from the internet only.

Which solution will meet these requirements?

Options:

A.

Set up an S3 bucket policy with the IAMsecuretransport key Configure the CloudFront origin access identity (OAI) with the S3 bucket Configure CloudFront to use specific ciphers. Enforce the ALB with an HTTPS listener only and select the appropriate security policy for the ciphers Link the ALB with IAM WAF to allow access from the CloudFront IP ranges.

B.

Set up an S3 bucket policy with the IAM:securetransport key. Configure the CloudFront origin access identity (OAI) with the S3 bucket. Enforce the ALB with an HTTPS listener only and select the appropriate security policy for the ciphers.

C.

Modify the CloudFront distribution to use IAM WAF. Force HTTPS on the S3 bucket with specific ciphers in the bucket policy. Configure an HTTPS listener only for the ALB. Set up a security group to limit access to the ALB from the CloudFront IP ranges

D.

Modify the CloudFront distribution to use the ALB as the origin. Enforce an HTTPS listener on the ALB. Create a path-based routing rule on the ALB with proxies that connect lo Amazon S3. Create a bucket policy to allow access from these proxies only.

Discussion
Question 37

A company has an encrypted Amazon S3 bucket. An Application Developer has an IAM policy that allows access to the S3 bucket, but the Application Developer is unable to access objects within the bucket.

What is a possible cause of the issue?

Options:

A.

The S3 ACL for the S3 bucket fails to explicitly grant access to the Application Developer

B.

The IAM KMS key for the S3 bucket fails to list the Application Developer as an administrator

C.

The S3 bucket policy fails to explicitly grant access to the Application Developer

D.

The S3 bucket policy explicitly denies access to the Application Developer

Discussion
Question 38

A company has decided to use encryption in its IAM account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16.000 B to 5 MB. The requirements are as follows:

• The key material must be generated and stored in a certified Federal Information Processing Standard (FIPS) 140-2 Level 3 machine.

• The key material must be available in multiple Regions.

Which option meets these requirements?

Options:

A.

Use an IAM KMS customer managed key and store the key material in IAM with replication across Regions

B.

Use an IAM customer managed key, import the key material into IAM KMS using in-house IAM CloudHSM. and store the key material securely in Amazon S3.

C.

Use an IAM KMS custom key store backed by IAM CloudHSM clusters, and copy backups across Regions

D.

Use IAM CloudHSM to generate the key material and backup keys across Regions Use the Java Cryptography Extension (JCE) and Public Key Cryptography Standards #11 (PKCS #11) encryption libraries to encrypt and decrypt the data.

Discussion
Rosalie
I passed. I would like to tell all students that they should definitely give Cramkey Dumps a try.
Maja Aug 30, 2024
That sounds great. I'll definitely check them out. Thanks for the suggestion!
Marley
Hey, I heard the good news. I passed the certification exam!
Jaxson Oct 5, 2024
Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.
Sarah
Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.
Aaliyah Aug 27, 2024
Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.
Fatima
Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.
Niamh Oct 15, 2024
That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.
Sam
Can I get help from these dumps and their support team for preparing my exam?
Audrey Aug 29, 2024
Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!
Question 39

A security engineer has created an Amazon Cognito user pool. The engineer needs to manually verify the ID and access token sent by the application for troubleshooting purposes

What is the MOST secure way to accomplish this?

Options:

A.

Extract the subject (sub), audience (aud), and cognito:username from the ID token payload Manually check the subject and audience for the user name In the user pool

B.

Search for the public key with a key ID that matches the key ID In the header of the token. Then use a JSON Web Token (JWT) library to validate the signature of the token and extract values, such as the expiry date

C.

Verify that the token is not expired. Then use the token_use claim function In Amazon Cognito to validate the key IDs

D.

Copy the JSON Web Token (JWT) as a JSON document Obtain the public JSON Web Key (JWK) and convert It to a pem file. Then use the file to validate the original JWT.

Discussion
Page: 9 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99