Amazon Web Services testinside download Latest Scs-c01 Questions by Belle q532 vce pdf

Page: 13 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	belle

Question 52

Example.com hosts its internal document repository on Amazon EC2 instances. The application runs on EC2 instances and previously stored the documents on encrypted Amazon EBS volumes. To optimize the application for scale, example.com has moved the files to Amazon S3. The security team has mandated that all the files are securely deleted from the EBS volume, and it must certify that the data is unreadable before releasing the underlying disks.

Which of the following methods will ensure that the data is unreadable by anyone else?

Options:

Change the volume encryption on the EBS volume to use a different encryption mechanism. Then, release the EBS volumes back to IAM.

Release the volumes back to IAM. IAM immediately wipes the disk after it is deprovisioned.

Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to IAM.

Delete the data by using the operating system delete commands. Run Quick Format on the drive and then release the EBS volumes back to IAM.

Discussion

Question 53

You have just recently set up a web and database tier in a VPC and hosted the application. When testing the app , you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue.

Please select:

Options:

Use the IAM Trusted Advisor to see what can be done.

Use VPC Flow logs to diagnose the traffic

Use IAM WAF to analyze the traffic

Use IAM Guard Duty to analyze the traffic

Discussion

Question 54

A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour.

The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior.

How can the Security Engineer address the issue?

Options:

Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed

Add the FTP server to a trusted IP list and deploy it to GuardDuty to stop receiving the notifications

Use GuardDuty filters with auto archiving enabled to close the findings

Create an IAM Lambda function that closes the finding whenever a new occurrence is reported

Discussion

Fatima

Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.

Niamh Oct 15, 2024

That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Billy

It was like deja vu! I was confident going into the exam because I had already seen those questions before.

Vincent Aug 15, 2024

Definitely. And the best part is, I passed! I feel like all that hard work and preparation paid off. Cramkey is the best resource for all students!!!

Honey

I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.

Antoni Oct 25, 2024

Good point. Thanks for the advice. I'll definitely keep that in mind.

Pippa

I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.

Anastasia Sep 21, 2024

You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.

Mariam

Do anyone think Cramkey questions can help improve exam scores?

Katie Nov 2, 2024

Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.

Question 55

A Security Architect is evaluating managed solutions for storage of encryption keys. The requirements are:

-Storage is accessible by using only VPCs.

-Service has tamper-evident controls.

-Access logging is enabled.

-Storage has high availability.

Which of the following services meets these requirements?

Options:

Amazon S3 with default encryption

IAM CloudHSM

Amazon DynamoDB with server-side encryption

IAM Systems Manager Parameter Store