Free SCS-C01 Exam Braindumps (page: 4)


A company is outsourcing its operational support to an external company. The company's security officer must implement an access solution for delegating operational support that minimizes overhead.

Which approach should the security officer take to meet these requirements?

  1. Implement Amazon Cognito identity pools with a role that uses a policy that denies the actions related to Amazon Cognito API management. Allow the external company to federate through its identity provider.
  2. Federate AWS Identity and Access Management (IAM) with the external company's identity provider. Create an IAM role and attach a policy with the necessary permissions.
  3. Create an IAM group for the external company. Add a policy to the group that denies IAM modifications. Securely provide the credentials to the external company.
  4. Use AWS SSO with the external company's identity provider. Create an IAM group to map to the identity provider user group, and attach a policy with the necessary permissions.

Answer(s): B



A Security Engineer accidentally deleted the imported key material in an AWS KMS CMK. What should the Security Engineer do to restore the deleted key material?

  1. Create a new CMK. Download a new wrapping key and a new import token to import the original key material.
  2. Create a new CMK. Use the original wrapping key and import token to import the original key material.
  3. Download a new wrapping key and a new import token. Import the original key material into the existing CMK.
  4. Use the original wrapping key and import token. Import the original key material into the existing CMK.

Answer(s): C



A company has decided to use encryption in its AWS account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16,000 B to 5 MB. The requirements are as follows:

· The key material must be generated and stored in a certified Federal Information Processing Standard (FIPS) 140-2 Level 3 machine.

· The key material must be available in multiple Regions.

Which option meets these requirements?

  1. Use an AWS KMS customer managed key and store the key material in AWS with replication across Regions.
  2. Use an AWS customer managed key, import the key material into AWS KMS using in-house AWS CloudHSM, and store the key material securely in Amazon S3.
  3. Use an AWS KMS custom key store backed by AWS CloudHSM clusters, and copy backups across Regions.
  4. Use AWS CloudHSM to generate the key material and back up keys across Regions. Use the Java Cryptography Extension (JCE) and Public Key Cryptography Standards #11 (PKCS #11) encryption libraries to encrypt and decrypt the data.

Answer(s): D



A company's Security Officer is concerned about the risk of AWS account root user logins and has assigned a Security Engineer to implement a notification solution for near-real-time alerts upon account root user logins.

How should the Security Engineer meet these requirements?

  1. Create a cron job that runs a script to download the AWS IAM security credentials file, parse the file for account root user logins, and email the Security team's distribution list.
  2. Run AWS CloudTrail logs through Amazon CloudWatch Events to detect account root user logins and trigger an AWS Lambda function to send an Amazon SNS notification to the Security team's distribution list.
  3. Save AWS CloudTrail logs to an Amazon S3 bucket in the Security team's account. Process the CloudTrail logs with the Security Engineer's logging solution for account root user logins. Send an Amazon SNS notification to the Security team upon encountering the account root user login events.
  4. Save VPC Flow Logs to an Amazon S3 bucket in the Security team's account and process the VPC Flow Logs with their logging solutions for account root user logins. Send an Amazon SNS notification to the Security team upon encountering the account root user login events.

Answer(s): B





