New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by belle

Page: 13 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: belle
Question 52

Example.com hosts its internal document repository on Amazon EC2 instances. The application runs on EC2 instances and previously stored the documents on encrypted Amazon EBS volumes. To optimize the application for scale, example.com has moved the files to Amazon S3. The security team has mandated that all the files are securely deleted from the EBS volume, and it must certify that the data is unreadable before releasing the underlying disks.

Which of the following methods will ensure that the data is unreadable by anyone else?

Options:

A.

Change the volume encryption on the EBS volume to use a different encryption mechanism. Then, release the EBS volumes back to IAM.

B.

Release the volumes back to IAM. IAM immediately wipes the disk after it is deprovisioned.

C.

Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to IAM.

D.

Delete the data by using the operating system delete commands. Run Quick Format on the drive and then release the EBS volumes back to IAM.

Discussion
Question 53

You have just recently set up a web and database tier in a VPC and hosted the application. When testing the app , you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue.

Please select:

Options:

A.

Use the IAM Trusted Advisor to see what can be done.

B.

Use VPC Flow logs to diagnose the traffic

C.

Use IAM WAF to analyze the traffic

D.

Use IAM Guard Duty to analyze the traffic

Discussion
Question 54

A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour.

The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior.

How can the Security Engineer address the issue?

Options:

A.

Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed

B.

Add the FTP server to a trusted IP list and deploy it to GuardDuty to stop receiving the notifications

C.

Use GuardDuty filters with auto archiving enabled to close the findings

D.

Create an IAM Lambda function that closes the finding whenever a new occurrence is reported

Discussion
Question 55

A Security Architect is evaluating managed solutions for storage of encryption keys. The requirements are:

-Storage is accessible by using only VPCs.

-Service has tamper-evident controls.

-Access logging is enabled.

-Storage has high availability.

Which of the following services meets these requirements?

Options:

A.

Amazon S3 with default encryption

B.

IAM CloudHSM

C.

Amazon DynamoDB with server-side encryption

D.

IAM Systems Manager Parameter Store

Discussion
Ari
Can anyone explain what are these exam dumps and how are they?
Ocean Oct 16, 2024
They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.
Nia
Why are these Dumps so important for students these days?
Mary Oct 9, 2024
With the constantly changing technology and advancements in the industry, it's important for students to have access to accurate and valid study material. Cramkey Dumps provide just that. They are constantly updated to reflect the latest changes and ensure that the information is up-to-date.
Ava-Rose
Yes! Cramkey Dumps are amazing I passed my exam…Same these questions were in exam asked.
Ismail Sep 18, 2024
Wow, that sounds really helpful. Thanks, I would definitely consider these dumps for my certification exam.
Mylo
Excellent dumps with authentic information… I passed my exam with brilliant score.
Dominik Aug 29, 2024
That's amazing! I've been looking for good study material that will help me prepare for my upcoming certification exam. Now, I will try it.
Page: 13 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99