New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Page: 1 / 44

AWS Certified Specialty AWS Certified Security - Specialty

AWS Certified Security - Specialty

Last Update Dec 24, 2024
Total Questions : 589

To help you prepare for the SCS-C01 Amazon Web Services exam, we are offering free SCS-C01 Amazon Web Services exam questions. All you need to do is sign up, provide your details, and prepare with the free SCS-C01 practice questions. Once you have done that, you will have access to the entire pool of AWS Certified Security - Specialty SCS-C01 test questions which will help you better prepare for the exam. Additionally, you can also find a range of AWS Certified Security - Specialty resources online to help you better understand the topics covered on the exam, such as AWS Certified Security - Specialty SCS-C01 video tutorials, blogs, study guides, and more. Additionally, you can also practice with realistic Amazon Web Services SCS-C01 exam simulations and get feedback on your progress. Finally, you can also share your progress with friends and family and get encouragement and support from them.

Questions 2

A company uses an external identity provider to allow federation into different IAM accounts. A security engineer for the company needs to identify the federated user that terminated a production Amazon EC2 instance a week ago.

What is the FASTEST way for the security engineer to identify the federated user?

Options:

A.  

Review the IAM CloudTrail event history logs in an Amazon S3 bucket and look for the Terminatelnstances event to identify the federated user from the role session name.

B.  

Filter the IAM CloudTrail event history for the Terminatelnstances event and identify the assumed IAM role. Review the AssumeRoleWithSAML event call in CloudTrail to identify the corresponding username.

C.  

Search the IAM CloudTrail logs for the Terminatelnstances event and note the event time. Review the IAM Access Advisor tab for all federated roles. The last accessed time should match the time when the instance was terminated.

D.  

Use Amazon Athena to run a SQL query on the IAM CloudTrail logs stored in an Amazon S3 bucket and filter on the Terminatelnstances event. Identify the corresponding role and run another query to filter the AssumeRoleWithWebldentity event for the user name.

Discussion 0
Questions 3

A company in France uses Amazon Cognito with the Cognito Hosted Ul as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application's users will come from France.

When the company launches the application the company's security team observes fraudulent sign-ups for the application. Most of the fraudulent registrations are from users outside of France.

The security team needs a solution to perform custom validation at sign-up Based on the results of the validation the solution must accept or deny the registration request.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.  

Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool.

B.  

Use a geographic match rule statement to configure an AWS WAF web ACL. Associate the web ACL with the Amazon Cognito user pool.

C.  

Configure an app client for the application's Amazon Cognito user pool. Use the app client ID to validate the requests in the hosted Ul.

D.  

Update the application's Amazon Cognito user pool to configure a geographic restriction setting.

E.  

Use Amazon Cognito to configure a social identity provider (IdP) to validate the requests on the hosted Ul.

Discussion 0
Questions 4

An organization must establish the ability to delete an IAM KMS Customer Master Key (CMK) within a 24-hour timeframe to keep it from being used for encrypt or decrypt operations Which of tne following actions will address this requirement?

Options:

A.  

Manually rotate a key within KMS to create a new CMK immediately

B.  

Use the KMS import key functionality to execute a delete key operation

C.  

Use the schedule key deletion function within KMS to specify the minimum wait period for deletion

D.  

Change the KMS CMK alias to immediately prevent any services from using the CMK.

Discussion 0
Mariam
Do anyone think Cramkey questions can help improve exam scores?
Katie Nov 2, 2024
Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.
Melody
My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.
Colby Aug 17, 2024
Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.
Ayra
How these dumps are necessary for passing the certification exam?
Damian Oct 22, 2024
They give you a competitive edge and help you prepare better.
Ivan
I tried these dumps for my recent certification exam and I found it pretty helpful.
Elis Sep 17, 2024
Agree!!! The questions in the dumps were quite similar to what came up in the actual exam. It gave me a good idea of the types of questions to expect and helped me revise efficiently.
Syeda
I passed, Thank you Cramkey for your precious Dumps.
Stella Aug 25, 2024
That's great. I think I'll give Cramkey Dumps a try.
Questions 5

A Security Engineer must design a solution that enables the Incident Response team to audit for changes to a user’s IAM permissions in the case of a security incident.

How can this be accomplished?

Options:

A.  

Use IAM Config to review the IAM policy assigned to users before and after the incident.

B.  

Run the GenerateCredentialReport via the IAM CLI, and copy the output to Amazon S3 daily for auditing purposes.

C.  

Copy IAM CloudFormation templates to S3, and audit for changes from the template.

D.  

Use Amazon EC2 Systems Manager to deploy images, and review IAM CloudTrail logs for changes.

Discussion 0
Title
Questions
Posted

SCS-C01
PDF

$36.75  $104.99

SCS-C01 Testing Engine

$43.75  $124.99

SCS-C01 PDF + Testing Engine

$57.75  $164.99