SCS-C03 Practice Questions
AWS Certified Security – Specialty
Last Update 4 days ago
Total Questions : 231
Dive into our fully updated and stable SCS-C03 practice test platform, featuring all the latest AWS Certified Specialty exam questions added this week. Our preparation tool is more than just a Amazon Web Services study aid; it's a strategic advantage.
Our free AWS Certified Specialty practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about SCS-C03. Use this test to pinpoint which areas you need to focus your study on.
A company requires a specific software application to be installed on all new and existing Amazon EC2 instances across an AWS Organization. SSM Agent is installed and active.
How can the company continuously monitor deployment status of the software application?
A company is undergoing a security audit. The company issues IAM user credentials for an auditor. Because of third-party integration requirements, the auditor is unable to assume an IAM role. The auditor attempts to log in to AWS for the first time to reset the account password and to configure multi-factor authentication (MFA). However, the auditor receives an “Access Denied” error during the attempt to reset the password.
The auditor’s account has the following IAM permissions:
securityhub:Get*
securityhub:List*
securityhub:BatchGet*
securityhub:Describe*
iam:ChangePassword on arn:aws:iam::*:user/${aws:username}
Which action will resolve this error?
A company has a web application that reads from and writes to an Amazon S3 bucket. The company needs to use AWS credentials to authenticate all S3 API calls to the S3 bucket.
Which solution will provide the application with AWS credentials to make S3 API calls?
A company is using an organization in AWS Organizations that contains 100 accounts. The company has configured trusted access for Amazon GuardDuty to AWS Organizations within the management account. The company has designated a member account to be the GuardDuty administrator for the organization.
GuardDuty is working properly and reports findings for the organization in the GuardDuty console. The company wants a SecOps team to receive real-time email alerts from any GuardDuty finding within the organization that is high severity according to GuardDuty severity levels.
Which solution will meet these requirements?
A company’s platform has grown rapidly over the past 6 months. The company’s platform architecture evolved quickly to accommodate the growth. The company’s development team has been deploying features quickly by using different AWS services. The development team has not performed formal architecture reviews.
The company needs to evaluate its security posture against AWS security best practices.
Which solution will meet these requirements?
A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application ' s users will come from France. When the company launches the application, the company ' s security team observes fraudulent sign-ups for the application. Most of the fraudulent registrations are from users outside of France. The security team needs a solution to perform custom validation at sign-up. Based on the results of the validation, the solution must accept or deny the registration request.
Which combination of steps will meet these requirements? (Select TWO.)
A security engineer has designed a VPC to segment private traffic from public traffic. The VPC includes two Availability Zones. The security engineer has provisioned each Availability Zone with one private subnet and one public subnet. The security engineer has created three route tables for use with the environment. One route table is for the public subnets, and two route tables are for the private subnets (one route table for the private subnet in each Availability Zone).
The security engineer discovers that all four subnets are attempting to route traffic out through the internet gateway that is attached to the VP
C.
Which combination of steps should the security engineer take to remediate this scenario? (Select TWO.)
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company wants to centrally give users the ability to access Amazon Q Developer.
Which solution will meet this requirement?
A company runs ECS services behind an internet-facing ALB that is the origin for CloudFront. An AWS WAF web ACL is associated with CloudFront, but clients can bypass it by accessing the ALB directly.
Which solution will prevent direct access to the ALB?
A company ' s security engineer receives an abuse notification from AWS indicating that malware is being hosted from the company’s AWS account. The security engineer discovers that an IAM user created a new Amazon S3 bucket without authorization.
Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise? (Select THRE
E.
)
