Amazon Web Services passguide aws Certified Specialty Scs-c01 Passing Score by Bleu q426 vce pdf

Page: 38 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	bleu

Question 152

You currently have an S3 bucket hosted in an IAM Account. It holds information that needs be accessed by a partner account. Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.

Please select:

Options:

Ensure an IAM role is created which can be assumed by the partner account.

Ensure an IAM user is created which can be assumed by the partner account.

Ensure the partner uses an external id when making the request

Provide the ARN for the role to the partner account

Provide the Account Id to the partner account

Provide access keys for your account to the partner account

Discussion

Question 153

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.

Please select:

Options:

Take a snapshot of the EBS volume

Isolate the machine from the network

Make sure that logs are stored securely for auditing and troubleshooting purpose

Ensure all passwords for all IAM users are changed

Ensure that all access kevs are rotated.

Discussion

Question 154

A company requires that data stored in IAM be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.

Please select:

Options:

When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.

When storing data in EBS, encrypt the volume by using IAM KMS.

When storing data in Amazon S3, use object versioning and MFA Delete.

When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.

When storing data in S3, enable server-side encryption.

Discussion

Answer:

B, E

Explanation:

Explanation:

The IAM Documentation mentions the following

To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the IAM-managed CMK for Amazon EBS in your account. If there is no IAM-managed CMK for Amazon EBS in your account, Amazon EBS creates one.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.

• Use Server-Side Encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

• Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store. For more information on EBS encryption, please visit the below URL:

https://docs.IAM.amazon.com/kms/latest/developerguide/services-ebs.html

For more information on S3 encryption, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/UsinEEncryption.html

The correct answers are: When storing data in EBS, encrypt the volume by using IAM KMS. When storing data in S3, enable server-side encryption.

Submit your Feedback/Queries to our Experts

Question 155

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?

Please select:

Options:

Access the S3 bucket through a proxy server

Access the S3 bucket through a NAT gateway.

Access the S3 bucket through a VPC endpoint for S3

Access the S3 bucket through the SSL protected S3 endpoint

Discussion

Sarah

Yeah, I was so relieved when I saw that the question appeared in the exam were similar to their exam dumps. It made the exam a lot easier and I felt confident going into it.

Aaliyah Aug 27, 2024

Same here. I've heard mixed reviews about using exam dumps, but for us, it definitely paid off.

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Oct 20, 2024

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Andrew

Are these dumps helpful?

Jeremiah Oct 27, 2024

Yes, Don’t worry!!! I'm confident you'll find them to be just as helpful as I did. Good luck with your exam!

Inaaya

Are these Dumps worth buying?

Fraser Oct 9, 2024

Yes, of course, they are necessary to pass the exam. They give you an insight into the types of questions that could come up and help you prepare effectively.

Zayaan

Successfully aced the exam… Thanks a lot for providing amazing Exam Dumps.

Harmony Sep 10, 2024

That's fantastic! I'm glad to hear that their dumps helped you. I also used them and found it accurate.

Page: 38 / 43

Title

Questions

Posted

amazon web services.actualtests.amazon web services scs-c01 questions answers.by serena.q53.vce.pdf

2025-01-06

amazon web services.passcert.scs-c01 based on real exam environment.by cassius.q372.vce.pdf

372