
SCS-C03 AWS Certified Security – Specialty is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

SCS-C03 Practice Questions

AWS Certified Security – Specialty

Last Update 4 days ago
Total Questions : 231

Dive into our fully updated and stable SCS-C03 practice test platform, featuring all the latest AWS Certified Specialty exam questions added this week. Our preparation tool is more than just an Amazon Web Services study aid; it's a strategic advantage.

Our free AWS Certified Specialty practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about SCS-C03. Use this test to pinpoint which areas you need to focus your study on.

Question # 41

A security engineer for a company wants to maintain all IAM users and roles according to the principle of least privilege. The security engineer plans to audit the IAM permissions once every 365 days. The security engineer must view the permissions that each IAM identity used in the last 365 days and must remove any unused permissions.

Which solution will meet these requirements?

Options:

A. Use AWS CloudTrail logs to review IAM identity actions and to remove unused permissions.

B. Use AWS Config to review configuration changes by each IAM identity and to remove unused permissions.

C. Use AWS Identity and Access Management Access Analyzer to review last accessed information and to remove unused permissions.

D. Use AWS Trusted Advisor to check the IAM identities that have elevated permissions and to remove unused permissions.

Question # 42

A company needs centralized log monitoring with automatic detection across hundreds of AWS accounts.

Which solution meets these requirements with the LEAST operational effort?

Options:

A. Designate a GuardDuty administrator account and enable protections.

B. Centralize CloudWatch logs and use Inspector.

C. Centralize CloudTrail logs and query with Athena.

D. Stream logs to Kinesis and process with Lambda.

Question # 43

A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). A security engineer must prevent any modifications to the data in the S3 bucket.

Which solution will meet this requirement?

Options:

A. Configure S3 bucket policies to deny DELETE and PUT object permissions.

B. Configure S3 Object Lock in compliance mode with S3 bucket versioning enabled.

C. Change the encryption on the S3 bucket to use AWS Key Management Service (AWS KMS) customer managed keys.

D. Configure the S3 bucket with multi-factor authentication (MFA) delete protection.

Question # 44

A development team is creating an open source toolset to manage a company’s software as a service (SaaS) application. The company stores the code in a public repository so that anyone can view and download the toolset’s code. The company discovers that the code contains an IAM access key and secret key that provide access to internal resources in the company’s AWS environment. A security engineer must implement a solution to identify whether unauthorized usage of the exposed credentials has occurred. The solution also must prevent any additional usage of the exposed credentials.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A. Use AWS Identity and Access Management Access Analyzer to determine which resources the exposed credentials accessed and who used them.

B. Deactivate the exposed IAM access key from the user's IAM account.

C. Create a rule in Amazon GuardDuty to block the access key in the source code from being used.

D. Create a new IAM access key and secret key for the user whose credentials were exposed.

E. Generate an IAM credential report. Check the report to determine when the user that owns the access key last logged in.

Question # 45

A company needs to scan all AWS Lambda functions for code vulnerabilities.

Options:

A. Use Amazon Macie.

B. Enable Amazon Inspector Lambda scanning.

C. Use GuardDuty and Security Hub.

D. Use GuardDuty Lambda Protection.

Question # 46

A company has enabled AWS Config for its organization in AWS Organizations. The company has deployed hundreds of Amazon S3 buckets across the organization. A security engineer needs to identify any S3 buckets that are not encrypted with AWS Key Management Service (AWS KMS). The security engineer also must prevent objects that are not encrypted with AWS KMS from being uploaded to the S3 buckets.

Which solution will meet these requirements?

Options:

A. Use the s3-default-encryption-kms AWS Config managed rule to identify unencrypted S3 buckets. Create an SCP to allow the s3:PutObject action only when the object is encrypted with AWS KMS.

B. Use the s3-default-encryption-kms AWS Config managed rule to identify unencrypted S3 buckets. Create bucket policies for each S3 bucket to deny the s3:PutObject action only when the object has server-side encryption with S3 managed keys (SSE-S3).

C. Use the s3-bucket-ssl-requests-only AWS Config managed rule to identify unencrypted S3 buckets. Create an SCP to allow the s3:PutObject action only when the object is encrypted with AWS KMS.

D. Use the s3-bucket-ssl-requests-only AWS Config managed rule to identify unencrypted S3 buckets. Create bucket policies for each S3 bucket to allow the s3:PutObject action only when the object is encrypted with AWS KMS.

Question # 47

A company is developing an application that runs across a combination of Amazon EC2 On-Demand Instances and Spot Instances. A security engineer needs to provide a logging solution that makes logs for all instances available from a single location. The solution must allow only a specific set of users to analyze the logs for event patterns. The users must be able to use SQL queries on the logs to perform root cause analysis.

Which solution will meet these requirements?

Options:

A. Configure the EC2 instances to send application logs to a single Amazon CloudWatch Logs log group. Allow only specific users to access the log group. Use CloudWatch Logs Insights to query the log group.

B. Configure the EC2 instances to send application logs to a single Amazon S3 bucket. Allow only specific users to access the S3 bucket. Use Amazon CloudWatch Logs Insights to query the log files in the S3 bucket.

C. Configure each EC2 instance to send its application logs to its own specific Amazon CloudWatch Logs log group. Allow only specific users to access the log groups. Use Amazon Athena to query all the log groups.

D. Configure the EC2 instances to send application logs to a single Amazon CloudWatch Logs log group. Grant Amazon Detective access to the log group. Allow only specific users to use Detective to query the log group.

Question # 48

A company begins to use AWS WAF after experiencing an increase in traffic to the company's public web applications. A security engineer needs to determine if the increase in traffic is because of application-layer attacks. The security engineer needs a solution to analyze AWS WAF traffic.

Which solution will meet this requirement?

Options:

A. Configure AWS WAF to send logs to a trail in AWS CloudTrail. Create an Amazon Data Firehose delivery stream to send the logs to Amazon OpenSearch Service. Use OpenSearch Dashboards and an Amazon Athena connector to query the logs.

B. Configure AWS WAF to send logs to an Amazon S3 bucket. Configure an OpenSearch table with a partition projection of the S3 bucket. Use OpenSearch to query the data in the S3 bucket.

C. Configure AWS WAF to send logs to an Amazon S3 bucket. Configure an Amazon Athena table with a partition projection of the S3 bucket. Use Athena to query the data in the S3 bucket.

D. Configure AWS WAF to send logs to a trail in AWS CloudTrail. Create an Amazon Data Firehose delivery stream to send the logs to an Amazon S3 bucket. Use Amazon Athena to query the data in the S3 bucket.

Question # 49

A company uses AWS Organizations. The company subscribes to AWS Shield Advanced. The company must share third-party firewall logs from all its accounts with the Shield Response Team. The company stores the logs in an Amazon S3 bucket that uses server-side encryption with S3 managed keys (SSE-S3).

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A. Use the aws shield associate-drt-log-bucket command to grant the Shield Response Team access to the bucket.

B. Configure multi-account support by creating a delegated administrator account for Shield Advanced.

C. In the delegated administrator account, configure Shield Advanced to forward events to AWS Security Hub CSPM.

D. Create an IAM role and attach the AWSShieldDRTAccessPolicy policy. Create a trust policy with the drt.shield.amazonaws.com service principal.

E. Configure auto-enable preferences in Organizations to enable Shield Advanced as the organization adds new member accounts.

Question # 50

A company that uses AWS Organizations is using AWS IAM Identity Center to administer access to AWS accounts. A security engineer is creating a custom permission set in IAM Identity Center. The company will use the permission set across multiple accounts. An AWS managed policy and a customer managed policy are attached to the permission set. The security engineer has full administrative permissions and is operating in the management account.

When the security engineer attempts to assign the permission set to an IAM Identity Center user who has access to multiple accounts, the assignment fails.

What should the security engineer do to resolve this failure?

Options:

A. Create the customer managed policy in every account where the permission set is assigned. Give the customer managed policy the same name and same permissions in each account.

B. Remove either the AWS managed policy or the customer managed policy from the permission set. Create a second permission set that includes the removed policy. Apply the permission sets separately to the user.

C. Evaluate the logic of the AWS managed policy and the customer managed policy. Resolve any policy conflicts in the permission set before deployment.

D. Do not add the new permission set to the user. Instead, edit the user's existing permission set to include the AWS managed policy and the customer managed policy.
