Special Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C01 Exam Questions and Answers by rufus

Page: 12 / 43

Amazon Web Services SCS-C01 Exam Overview :

Exam Name: AWS Certified Security - Specialty
Exam Code: SCS-C01 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 589 Q&A's Shared By: rufus
Question 48

The Security team believes that a former employee may have gained unauthorized access to IAM resources sometime in the past 3 months by using an identified access key.

What approach would enable the Security team to find out what the former employee may have done within IAM?

Options:

A.

Use the IAM CloudTrail console to search for user activity.

B.

Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.

C.

Use IAM Config to see what actions were taken by the user.

D.

Use Amazon Athena to query CloudTrail logs stored in Amazon S3.

Discussion
Stefan
Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.
Ocean Aug 31, 2024
Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.
Georgina
I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.
Corey Oct 2, 2024
Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?
Kingsley
Do anyone guide my how these dumps would be helpful for new students like me?
Haris Sep 11, 2024
Absolutely! They are highly recommended for anyone looking to pass their certification exam. The dumps are easy to understand and follow, making it easier for you to study and retain the information.
Hassan
Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.
Kasper Oct 20, 2024
Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.
Anaya
I found so many of the same questions on the real exam that I had already seen in the Cramkey Dumps. Thank you so much for making exam so easy for me. I passed it successfully!!!
Nina Oct 14, 2024
It's true! I felt so much more confident going into the exam because I had already seen and understood the questions.
Question 49

A Systems Engineer is troubleshooting the connectivity of a test environment that includes a virtual security appliance deployed inline. In addition to using the virtual security appliance, the Development team wants to use security groups and network ACLs to accomplish various security requirements in the environment.

What configuration is necessary to allow the virtual security appliance to route the traffic?

Options:

A.

Disable network ACLs.

B.

Configure the security appliance's elastic network interface for promiscuous mode.

C.

Disable the Network Source/Destination check on the security appliance's elastic network interface

D.

Place the security appliance in the public subnet with the internet gateway

Discussion
Question 50

An IAM account includes two S3 buckets: bucket1 and bucket2. The bucket2 does not have a policy defined, but bucket1 has the following bucket policy:

Questions 50

In addition, the same account has an IAM User named “alice”, with the following IAM policy.

Questions 50

Which buckets can user “alice” access?

Options:

A.

Bucket1 only

B.

Bucket2 only

C.

Both bucket1 and bucket2

D.

Neither bucket1 nor bucket2

Discussion
Question 51

A company has deployed a custom DNS server in IAM. The Security Engineer wants to ensure that Amazon EC2 instances cannot use the Amazon-provided DNS.

How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

Options:

A.

Deny access to the Amazon DNS IP within all security groups.

B.

Add a rule to all network access control lists that deny access to the Amazon DNS IP.

C.

Add a route to all route tables that black holes traffic to the Amazon DNS IP.

D.

Disable DNS resolution within the VPC configuration.

Discussion
Page: 12 / 43
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99