Available Number of Questions: Maximum of
179 Questions
Exam Name: AWS Certified Security - Specialty
Related Certification(s):
Amazon Specialty Certification
Amazon SCS-C03 Exam Topics - You’ll Be Tested in Actual Exam
The Amazon SCS-C03 exam is a crucial assessment for individuals aiming to demonstrate their expertise in AWS (Amazon Web Services) architecture. It covers a range of essential topics that are vital for designing and deploying scalable and reliable applications on the AWS platform. These topics encompass various aspects of AWS architecture, including its core services, security measures, and strategies for ensuring high availability and fault tolerance. Additionally, the exam delves into the efficient management of AWS resources, with a focus on cost optimization and utilization. Furthermore, it explores the integration of AWS services with third-party solutions, emphasizing the importance of seamless interoperability. The SCS-C03 exam also assesses candidates' understanding of AWS monitoring and logging practices, as well as their ability to implement effective disaster recovery plans. By covering these diverse topics, the exam ensures that certified professionals possess a well-rounded knowledge of AWS architecture, enabling them to design and manage robust cloud solutions.
Amazon SCS-C03 Exam Short Quiz
Attempt this Amazon SCS-C03 exam quiz to self-assess your preparation for the actual Amazon AWS Certified Security - Specialty exam. CertBoosters also provides premium Amazon SCS-C03 exam questions to pass the Amazon AWS Certified Security - Specialty exam in the shortest possible time. Be sure to try our free practice exam software for the Amazon SCS-C03 exam.
1of 0 questions |
Amazon SCS-C03 Exam Quiz
✓ 0 answered
🔖 0 bookmarked
AmazonSCS-C03
Q1:
A company uses AWS Organizations and has an SCP at the root that prevents sharing resources with external accounts. The company now needs to allow only the marketing account to share resources externally while preventing all other accounts from doing so. All accounts are in the same OU.
Which solution will meet these requirements?
○
ACreate a new SCP in the marketing account to explicitly allow sharing.
○
BEdit the existing SCP to add a condition that excludes the marketing account.
○
CEdit the SCP to include an Allow statement for the marketing account.
○
DUse a permissions boundary in the marketing account.
AmazonSCS-C03
Q2:
A company has decided to move its fleet of Linux-based web server instances to an Amazon EC2 Auto Scaling group. Currently, the instances are static and are launched manually. When an administrator needs to view log files, the administrator uses SSH to establish a connection to the instances and retrieves the logs manually.
The company often needs to query the logs to produce results about application sessions and user issues. The company does not want its new automatically scaling architecture to result in the loss of any log files when instances are scaled in.
Which combination of steps should a security engineer take to meet these requirements MOST cost-effectively? (Select TWO.)
☐
AConfigure a cron job on the instances to forward the log files to Amazon S3 periodically.
☐
BConfigure AWS Glue and Amazon Athena to query the log files.
☐
CConfigure the Amazon CloudWatch agent on the instances to forward the logs to Amazon CloudWatch Logs.
☐
DConfigure Amazon CloudWatch Logs Insights to query the log files.
☐
EConfigure the instances to write the logs to an Amazon Elastic File System (Amazon EFS) volume.
AmazonSCS-C03
Q3:
A security engineer discovers that a company's user passwords have no required minimum length. The company uses the following identity providers (IdPs):
* AWS Identity and Access Management (IAM) federated with on-premises Active Directory
* Amazon Cognito user pools that contain the user database for an AWS Cloud application
Which combination of actions should the security engineer take to implement a required minimum password length? (Select TWO.)
☐
AUpdate the password length policy in the IAM configuration.
☐
BUpdate the password length policy in the Amazon Cognito configuration.
☐
CUpdate the password length policy in the on-premises Active Directory configuration.
☐
DCreate an SCP in AWS Organizations to enforce minimum password length.
☐
ECreate an IAM policy with a minimum password length condition.
AmazonSCS-C03
Q4:
A company's web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file.
Which set of actions will identify the suspect attacker's IP address for future occurrences?
○
AConfigure VPC Flow Logs and search for PHP file activity.
○
BInstall the CloudWatch agent on the ALB and export application logs.
○
CExport ALB access logs to Amazon OpenSearch Service and search them.
○
DConfigure the web ACL to send logs to Amazon Kinesis Data Firehose. Deliver logs to Amazon S3 and query them with Amazon Athena.
AmazonSCS-C03
Q5:
A company runs a web application on a fleet of Amazon EC2 instances in an Auto Scaling group. Amazon GuardDuty and AWS Security Hub are enabled. The security engineer needs an automated response to anomalous traffic that follows AWS best practices and minimizes application disruption.
Which solution will meet these requirements?
○
AUse EventBridge to disable the instance profile access keys.
○
BUse EventBridge to invoke a Lambda function that removes the affected instance from the Auto Scaling group and isolates it with a restricted security group.
○
CUse Security Hub to update the subnet network ACL to block traffic.
○
DSend GuardDuty findings to Amazon SNS for email notification.
