Related Certification(s):
Amazon Specialty Certification
Amazon SCS-C02 Exam Topics - You’ll Be Tested in Actual Exam
The Amazon SCS-C02 exam is a comprehensive assessment designed to evaluate your knowledge and skills in managing and optimizing Amazon Web Services (AWS). This exam covers a wide range of topics, including the fundamental concepts and services of AWS, such as its core infrastructure, computing, storage, and networking services. You'll delve into the architecture of AWS, learning about its global infrastructure, availability zones, and edge locations. Security is a key focus, with topics like identity and access management (IAM), encryption, and security best practices. The exam also tests your ability to design cost-effective solutions, select appropriate services, and optimize resource utilization. Additionally, you'll explore the various tools and services AWS offers for monitoring, logging, and troubleshooting, ensuring you can effectively manage and maintain your AWS environment. Finally, the exam assesses your understanding of AWS best practices, including strategies for high availability, disaster recovery, and business continuity. By mastering these topics, you'll be well-prepared to design, deploy, and manage robust and secure AWS solutions.
Amazon SCS-C02 Exam Short Quiz
Attempt this Amazon SCS-C02 exam quiz to self-assess your preparation for the actual Amazon AWS Certified Security - Specialty (old) exam. CertBoosters also provides premium Amazon SCS-C02 exam questions to pass the Amazon AWS Certified Security - Specialty (old) exam in the shortest possible time. Be sure to try our free practice exam software for the Amazon SCS-C02 exam.
Amazon SCS-C02 Exam Quiz
Amazon SCS-C02
Q1:
A company runs workloads in the us-east-1 Region. The company has never deployed resources to other AWS Regions and does not have any multi-Region resources.
The company needs to replicate its workloads and infrastructure to the us-west-1 Region.
A security engineer must implement a solution that uses AWS Secrets Manager to store secrets in both Regions. The solution must use AWS Key Management Service (AWS KMS) to encrypt the secrets. The solution must minimize latency and must be able to work if only one Region is available.
The security engineer uses Secrets Manager to create the secrets in us-east-1.
What should the security engineer do next to meet the requirements?
A. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using a new AWS managed KMS key in us-west-1.
B. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
C. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
D. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using the customer managed KMS key from us-east-1.
Q2:
A company hosts an application on Amazon EC2 instances. The application also uses Amazon S3 and Amazon Simple Queue Service (Amazon SQS). The application is behind an Application Load Balancer (ALB) and scales with AWS Auto Scaling.
The company's security policy requires the use of least privilege access, which has been applied to all existing AWS resources. A security engineer needs to implement private connectivity to AWS services.
Which combination of steps should the security engineer take to meet this requirement? (Select THREE.)
A. Use an interface VPC endpoint for Amazon SQS.
B. Configure a connection to Amazon S3 through AWS Transit Gateway.
C. Use a gateway VPC endpoint for Amazon S3.
D. Modify the IAM role applied to the EC2 instances in the Auto Scaling group to allow outbound traffic to the interface endpoints.
E. Modify the endpoint policies on all VPC endpoints. Specify the SQS and S3 resources that the application uses.
F. Configure a connection to Amazon S3 through AWS Firewall Manager.
Q3:
An AWS Lambda function was misused to alter data, and a security engineer must identify who invoked the function and what output was produced. The engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs.
Which of the following explains why the logs are not available?
A. The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
B. The Lambda function was invoked by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.
C. The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.
D. The version of the Lambda function that was invoked was not current.
Q4:
A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group and are attached to Amazon Elastic Block Store (Amazon EBS) volumes.
A security engineer needs to preserve all forensic evidence from one of the instances.
Which order of steps should the security engineer use to meet this requirement?
A. Take an EBS volume snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take a memory snapshot of the instance and store the snapshot in an S3 bucket. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB. Stop the instance.
B. Take a memory snapshot of the instance and store the snapshot in an Amazon S3 bucket. Stop the instance. Take an EBS volume snapshot of the instance and store the snapshot in an S3 bucket. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB.
C. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB. Take an EBS volume snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take a memory snapshot of the instance and store the snapshot in an S3 bucket. Stop the instance.
D. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB. Stop the instance. Take a memory snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take an EBS volume snapshot of the instance and store the snapshot in an S3 bucket.
Q5:
A company uses Amazon EC2 instances to host frontend services behind an Application Load Balancer. Amazon Elastic Block Store (Amazon EBS) volumes are attached to the EC2 instances. The company uses Amazon S3 buckets to store large files for images and music.
The company has implemented a security architecture on AWS to prevent, identify, and isolate potential ransomware attacks. The company now wants to further reduce risk.
A security engineer must develop a disaster recovery solution that can recover to normal operations if an attacker bypasses preventive and detective controls. The solution must meet an RPO of 1 hour.
Which solution will meet these requirements?
A. Use AWS Backup to create backups of the EC2 instances and S3 buckets every hour. Create AWS CloudFormation templates that replicate existing architecture components. Use AWS CodeCommit to store the CloudFormation templates alongside application configuration code.
B. Use AWS Backup to create backups of the EBS volumes and S3 objects every day. Use Amazon Security Lake to create a centralized data lake for AWS CloudTrail logs and VPC flow logs. Use the logs for automated response.
C. Use Amazon Security Lake to create a centralized data lake for AWS CloudTrail logs and VPC flow logs. Use the logs for automated response. Enable AWS Security Hub to establish a single location for recovery procedures. Create AWS CloudFormation templates that replicate existing architecture components. Use AWS CodeCommit to store the CloudFormation templates alongside application configuration code.
D. Create EBS snapshots every 4 hours. Enable Amazon GuardDuty Malware Protection. Create automation to immediately restore the most recent snapshot for any EC2 instances that produce an Execution:EC2/MaliciousFile finding in GuardDuty.