Amazon Web Services Updated SCS-C01 Exam Questions and Answers by elara

Option A is invalid because keys cannot be exported and imported across regions.

Option B is invalid because key rotation cannot be used to export keys

Option C is invalid because the backing key cannot be used to export keys

This is mentioned in the IAM documentation

What geographic region are my keys stored in?

Keys are only stored and used in the region in which they are created. They cannot be transferred to another region. For example; keys created in the EU-Central (Frankfurt) region are only stored and used within the EU-Central (Frankfurt) region

For more information on KMS please visit the following URL:

https://IAM.amazon.com/kms/faqs/

The correct answer is: This is not possible since keys from KMS are region specific Submit your Feedback/Queries to our Experts

When you go to the security dashboard, the security status will show the best practices for initiating the first level of security.

C:\Users\wk\Desktop\mudassar\Untitled.jpg

Option D is invalid because as per the dashboard, this is not part of the security recommendation For more information on best security practices please visit the URL:

https://IAM.amazon.com/whitepapers/IAM-security-best-practices;

The correct answers are: Create individual IAM users, Configure MFA on the root account and for privileged IAM users. Assign IAM users and groups configured with policies granting least privilege access

Submit your Feedback/Queries to our Experts

Option B is partially correct but a big maintenance over head to create and maintain a script when the functionality is already available in S3

Option C is invalid because snapshots are not available in S3

Option D is invalid because versioning will not replicate objects

The IAM Documentation mentions the following

Cross-region replication is a bucket-level configuration that enables automatic, asynchronous copying of objects across buck in different IAM Regions.

For more information on Cross region replication in the Simple Storage Service, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/crr.html

The correct answer is: Enable cross region replication for the bucket Submit your Feedback/Queries to our Experts

You can use a pre-approved solution from the IAM Marketplace. But till date the IAM Documentation still mentions that you have to get prior approval before conducting a test on the IAM Cloud for EC2 Instances.

Option C and D are invalid because you have to get prior approval first.

IAM Docs Provides following details:

"For performing a penetration test on IAM resources first of all we need to take permission from IAM and complete a requisition form and submit it for approval. The form should contain information about the instances you wish to test identify the expected start and end dates/times of your test and requires you to read and agree to Terms and Conditions specific to penetration testing and to the use of appropriate tools for testing. Note that the end date may not be more than 90 days from the start date."

(

At this time, our policy does not permit testing small or micro RDS instance types. Testing of ml .small, t1 .micro or t2.nano EC2 instance types is not permitted.

For more information on penetration testing please visit the following URL:

https://IAM.amazon.eom/security/penetration-testine/l

The correct answers are: Get prior approval from IAM for conducting the test Use a pre-approved penetration testing tool. Submit your Feedback/Queries to our Experts