AWS-Security-Specialty AWS Certified Security Specialty (SCS-C03) is now Stable and With Pass Result | Test Your Knowledge for Free

AWS-Security-Specialty Practice Questions

AWS Certified Security Specialty (SCS-C03)

Last Update 3 days ago
Total Questions : 179

Question # 21

AWS Config cannot deliver configuration snapshots to Amazon S3.

Which TWO actions will remediate this issue?

Options:

A. Verify the S3 bucket policy allows config.amazonaws.com.

B. Verify the IAM role has s3:GetBucketAcl and s3:PutObject permissions.

C. Verify the S3 bucket can assume the IAM role.

D. Verify IAM policy allows AWS Config to write logs.

E. Modify AWS Config API permissions.

Question # 22

A company needs to build a code-signing solution using an AWS KMS asymmetric key and must store immutable evidence of key creation and usage for compliance and audit purposes.

Which solution meets these requirements?

Options:

A. Create an Amazon S3 bucket with S3 Object Lock enabled. Create an AWS CloudTrail trail with log file validation enabled for KMS events. Store logs in the bucket and grant auditors access.

B. Log application events to Amazon CloudWatch Logs and export them.

C. Capture KMS API calls using EventBridge and store them in DynamoDB.

D. Track KMS usage with CloudWatch metrics and dashboards.

Question # 23

A company uses an organization in AWS Organizations to manage its 250 member accounts. The company also uses AWS IAM Identity Center with a SAML external identity provider (IdP). IAM Identity Center has been delegated to a member account. The company's security team has access to the delegated account.

The security team has been investigating a malicious internal user who might be accessing sensitive accounts. The security team needs to know when the user logged into the organization during the last 7 days.

Which solution will quickly identify the access attempts?

Options:

A. In the delegated account, use Amazon CloudWatch Logs to search for events that match the user details for all successful attempts.

B. In each member account, use the IAM Identity Center console to search for events that match the user details for all attempts.

C. In the external IdP, use Amazon EventBridge to search for events that match the user details for all attempts.

D. In the organization's management account, use AWS CloudTrail to search for events that match the user details for all successful attempts.

Question # 24

A company uses AWS Config rules to identify Amazon S3 buckets that are not compliant with the company's data protection policy. The S3 buckets are hosted in several AWS Regions and several AWS accounts. The accounts are in an organization in AWS Organizations. The company needs a solution to remediate the organization's existing noncompliant S3 buckets and any noncompliant S3 buckets that are created in the future.

Which solution will meet these requirements?

Options:

A. Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.

B. Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.

C. Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.

D. Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.

Question # 25

A company has a web application that reads from and writes to an Amazon S3 bucket. The company needs to use AWS credentials to authenticate all S3 API calls to the S3 bucket.

Which solution will provide the application with AWS credentials to make S3 API calls?

Options:

A. Integrate with Cognito identity pools and use GetId to obtain AWS credentials.

B. Integrate with Cognito identity pools and use AssumeRoleWithWebIdentity to obtain AWS credentials.

C. Integrate with Cognito user pools and use the ID token to obtain AWS credentials.

D. Integrate with Cognito user pools and use the access token to obtain AWS credentials.

Question # 26

A company begins to use AWS WAF after experiencing an increase in traffic to the company's public web applications. A security engineer needs to determine if the increase in traffic is because of application-layer attacks. The security engineer needs a solution to analyze AWS WAF traffic.

Which solution will meet this requirement?

Options:

A. Configure AWS WAF to send logs to a trail in AWS CloudTrail. Create an Amazon Data Firehose delivery stream to send the logs to Amazon OpenSearch Service. Use OpenSearch Dashboards and an Amazon Athena connector to query the logs.

B. Configure AWS WAF to send logs to an Amazon S3 bucket. Configure an OpenSearch table with a partition projection of the S3 bucket. Use OpenSearch to query the data in the S3 bucket.

C. Configure AWS WAF to send logs to an Amazon S3 bucket. Configure an Amazon Athena table with a partition projection of the S3 bucket. Use Athena to query the data in the S3 bucket.

D. Configure AWS WAF to send logs to a trail in AWS CloudTrail. Create an Amazon Data Firehose delivery stream to send the logs to an Amazon S3 bucket. Use Amazon Athena to query the data in the S3 bucket.

Question # 27

A security engineer uses Amazon Macie to scan a company's Amazon S3 buckets for sensitive data. The company has many S3 buckets and many objects stored in the S3 buckets. The security engineer must identify S3 buckets that contain sensitive data and must perform additional scanning on those S3 buckets.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A. Configure S3 Cross-Region Replication (CRR) on the S3 buckets to replicate the objects to a second AWS Region. Configure Macie in the second Region to scan the replicated objects daily.

B. Create an AWS Lambda function as an S3 event destination for the S3 buckets. Configure the Lambda function to start a Macie scan of an object when the object is uploaded to an S3 bucket.

C. Configure Macie automated discovery to continuously sample data from the S3 buckets. Perform full scans of the S3 buckets where Macie discovers sensitive data.

D. Configure Macie scans to run on the S3 buckets. Aggregate the results of the scans in an Amazon DynamoDB table. Use the DynamoDB table for queries.

Question # 28

A company is planning to migrate its applications to AWS in a single AWS Region. The company’s applications will use a combination of Amazon EC2 instances, Elastic Load Balancing (ELB) load balancers, and Amazon S3 buckets. The company wants to complete the migration as quickly as possible. All the applications must meet the following requirements:

• Data must be encrypted at rest.

• Data must be encrypted in transit.

• Endpoints must be monitored for anomalous network traffic.

Which combination of steps should a security engineer take to meet these requirements with the LEAST effort? (Select THREE.)

Options:

A. Install the Amazon Inspector agent on EC2 instances by using AWS Systems Manager Automation.

B. Enable Amazon GuardDuty in all AWS accounts.

C. Create VPC endpoints for Amazon EC2 and Amazon S3. Update VPC route tables to use only the secure VPC endpoints.

D. Configure AWS Certificate Manager (ACM). Configure the load balancers to use certificates from ACM.

E. Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-meta-side-encryption.

F. Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-server-side-encryption.

Question # 29

A company detects bot activity targeting Amazon Cognito user pool endpoints. The solution must block malicious requests while maintaining access for legitimate users.

Which solution meets these requirements?

Options:

A. Enable Amazon Cognito threat protection.

B. Restrict access to authenticated users only.

C. Associate AWS WAF with the Cognito user pool.

D. Monitor requests with CloudWatch.

Question # 30

A company is developing an application that runs across a combination of Amazon EC2 On-Demand Instances and Spot Instances. A security engineer needs to provide a logging solution that makes logs for all instances available from a single location. The solution must allow only a specific set of users to analyze the logs for event patterns. The users must be able to use SQL queries on the logs to perform root cause analysis.

Which solution will meet these requirements?

Options:

A. Configure the EC2 instances to send application logs to a single Amazon CloudWatch Logs log group. Allow only specific users to access the log group. Use CloudWatch Logs Insights to query the log group.

B. Configure the EC2 instances to send application logs to a single Amazon S3 bucket. Allow only specific users to access the S3 bucket. Use Amazon CloudWatch Logs Insights to query the log files in the S3 bucket.

C. Configure each EC2 instance to send its application logs to its own specific Amazon CloudWatch Logs log group. Allow only specific users to access the log groups. Use Amazon Athena to query all the log groups.

D. Configure the EC2 instances to send application logs to a single Amazon CloudWatch Logs log group. Grant Amazon Detective access to the log group. Allow only specific users to use Detective to query the log group.
