

SCS-C03 Practice Questions

AWS Certified Security – Specialty

Last Update 4 days ago
Total Questions : 231


Question # 11

CloudFormation stack deployments fail for some users due to permission inconsistencies.

Which combination of steps will ensure consistent deployments MOST securely? (Select THREE.)

Options:

A. Create a composite principal service role.
B. Create a service role with cloudformation.amazonaws.com as the principal.
C. Attach scoped policies to the service role.
D. Attach service ARNs in policy resources.
E. Update each stack to use the service role.
F. Allow iam:PassRole to the service role.

Question # 12

A company's web application is hosted on Amazon EC2 instances running behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. AWS CloudTrail is enabled and stores logs in Amazon S3 and Amazon CloudWatch Logs.

The operations team has observed some EC2 instances reboot at random. After rebooting, all access logs on the instances have been deleted. During an investigation, the operations team found that each reboot happened just after a PHP error occurred on the new-user-creation.php file. The operations team needs to view log information to determine if the company is being attacked.

Which set of actions will identify the suspect attacker's IP address for future occurrences?

Options:

A. Configure VPC Flow Logs on the subnet where the ALB is located and stream the data to CloudWatch. Search for the new-user-creation.php occurrences in CloudWatch.
B. Configure the CloudWatch agent on the ALB and send application logs to CloudWatch Logs.
C. Configure the ALB to export access logs to an Amazon OpenSearch Service cluster and search for the new-user-creation.php occurrences.
D. Configure the web ACL to send logs to Amazon Data Firehose, which delivers the logs to an S3 bucket. Use Amazon Athena to query the logs and find the new-user-creation.php occurrences.

Question # 13

A company sends Apache logs from EC2 Auto Scaling instances to a CloudWatch Logs log group with 1-year retention. A suspicious IP address appears in logs. A security engineer needs to analyze the past week of logs to count requests from that IP and list requested URLs.

What should the engineer do with the LEAST effort?

Options:

A. Export to S3 and use Macie.
B. Stream to OpenSearch and analyze.
C. Use CloudWatch Logs Insights with queries.
D. Export to S3 and use AWS Glue.

Question # 14

A company's web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file.

Which set of actions will identify the suspect attacker's IP address for future occurrences?

Options:

A. Configure VPC Flow Logs and search for PHP file activity.
B. Install the CloudWatch agent on the ALB and export application logs.
C. Export ALB access logs to Amazon OpenSearch Service and search them.
D. Configure the web ACL to send logs to Amazon Kinesis Data Firehose. Deliver logs to Amazon S3 and query them with Amazon Athena.

Question # 15

A company experienced a security incident caused by a vulnerable container image that was pushed from an external CI/CD pipeline into Amazon ECR.

Which solution will prevent vulnerable images from being pushed?

Options:

A. Enable ECR enhanced scanning with Lambda blocking.
B. Use Amazon Inspector with EventBridge and Lambda.
C. Integrate Amazon Inspector into the CI/CD pipeline using SBOM generation and fail the pipeline on critical findings.
D. Enable basic continuous ECR scanning.

Question # 16

A company operates an Amazon EC2 instance that is registered as a target of a Network Load Balancer (NLB). The NLB is associated with a security group. The security group allows inbound TCP traffic on port 22 from 10.0.0.0/23.

The company maps the NLB to two subnets that share the same network ACL and route table. The route table has a route for 0.0.0.0/0 to an internet gateway. The network ACL has one inbound rule that has a priority of 20 and that allows TCP traffic on port 22 from 10.0.0.0/16.

A security engineer receives an alert that there is an unauthorized SSH session on the EC2 instance. The unauthorized session originates from 10.0.1.5. The company's incident response procedure requires unauthorized SSH sessions to be immediately interrupted. The instance must remain running, and its memory must remain intact.

Which solution will meet these requirements?

Options:

A. Restart the EC2 instance from either the AWS Management Console or the AWS CLI.
B. Add a new inbound rule that has a priority of 10 to the network ACL to deny TCP traffic on port 22 from 10.0.1.5.
C. Remove the security group rule that allows inbound TCP traffic on port 22 from 10.0.0.0/16.
D. Update the route table to remove the route to the internet gateway.

Question # 17

A company hosts its public website on Amazon EC2 instances behind an Application Load Balancer (ALB). The website is experiencing a global DDoS attack from a specific IoT device brand that uses a unique user agent. A security engineer is creating an AWS WAF web ACL and will associate it with the ALB.

Which rule statement will mitigate the current attack and future attacks from these IoT devices without blocking legitimate customers?

Options:

A. Use an IP set match rule statement.
B. Use a geographic match rule statement.
C. Use a rate-based rule statement.
D. Use a string match rule statement on the user agent.

Question # 18

A company wants to implement a content delivery network (CDN) for an upcoming product launch. The origin for distribution is a web server outside the AWS Cloud. The origin requires an authorization header from each request.

Which solution will meet these requirements?

Options:

A. Use AWS Global Accelerator to create a custom routing accelerator. Configure the accelerator to use TCP. Specify the web server's IP address. Include the required authorization header in the request. Configure the web server to respond to requests from authorized users by using a signed cookie in the response header.
B. Create an Amazon CloudFront distribution. Configure CloudFront to use an origin access control (OAC). Specify the web server as the origin. Include the required authorization header in the OAC request. Configure the web server to respond to requests from authorized users by using a signed URL.
C. Create an Amazon CloudFront distribution. Configure CloudFront to forward a custom header to the origin. Specify trusted key groups for the distribution. Configure the web server to respond to requests from authorized users by using a signed URL.
D. Use AWS Global Accelerator to create an origin access control (OAC). Specify the web server as the origin. Include a custom header in the request. Configure the web server to respond to requests from authorized users by using a signed cookie in the response header.

Question # 19

A company uses an organization in AWS Organizations and AWS IAM Identity Center to manage its AWS environment. The company configures IAM Identity Center to access the company's on-premises Active Directory through a properly configured AD Connector. All the company's employees are in an Active Directory group named Cloud.

The employees can view and access nearly all the AWS accounts in the organization, and the employees have the permissions that they require. However, the employees cannot access an account named Account A. The company verifies that Account A exists in the organization.

What is the likely reason that the employees are unable to access Account A?

Options:

A. The company did not add Account A to an organizational unit (OU) within the organization.
B. The company has not synchronized the Cloud Active Directory group with the on-premises Active Directory.
C. The company did not assign the Cloud Active Directory group to Account A in IAM Identity Center with a valid permission set.
D. The company applied an IAM permissions boundary to Account A that is denying access to the account.

Question # 20

A security engineer recently rotated the host keys for an Amazon EC2 instance. The security engineer is trying to access the EC2 instance by using the EC2 Instance Connect feature. However, the security engineer receives an error for failed host key validation. Before the rotation of the host keys, EC2 Instance Connect worked correctly with this EC2 instance.

What should the security engineer do to resolve this error?

Options:

A. Import the key material into AWS Key Management Service (AWS KMS).
B. Manually upload the new host key to the AWS trusted host keys database.
C. Ensure that the AmazonSSMManagedInstanceCore policy is attached to the EC2 instance profile.
D. Create a new SSH key pair for the EC2 instance.
