Free SCS-C01 Exam Braindumps (page: 6)


The Security Engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances. The application has become the target of increasing numbers of malicious attacks from the Internet.

What steps should the Security Engineer take to check for known vulnerabilities and limit the attack surface? (Choose two.)

  A. Use AWS Certificate Manager to encrypt all traffic between the client and application servers.
  B. Review the application security groups to ensure that only the necessary ports are open.
  C. Use Elastic Load Balancing to offload Secure Sockets Layer encryption.
  D. Use Amazon Inspector to periodically scan the backend instances.
  E. Use AWS Key Management Services to encrypt all the traffic between the client and application servers.

Answer(s): B,D



A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the Security Engineer adds an additional statement to the bucket policy to allow read-only access to one other employee. Even after updating the policy, the employee still receives an access denied message.

What is the likely cause of this access denial?

  A. The ACL in the bucket needs to be updated.
  B. The IAM policy does not allow the user to access the bucket.
  C. It takes a few minutes for a bucket policy to take effect.
  D. The allow permission is being overridden by the deny.

Answer(s): D



A company has multiple AWS accounts that are part of AWS Organizations. The company's Security team wants to ensure that even those Administrators with full access to the company's AWS accounts are unable to access the company's Amazon S3 buckets.

How should this be accomplished?

  A. Use SCPs.
  B. Add a permissions boundary to deny access to Amazon S3 and attach it to all roles.
  C. Use an S3 bucket policy.
  D. Create a VPC endpoint for Amazon S3 and deny statements for access to Amazon S3.

Answer(s): A



A company's Director of Information Security wants a daily email report from AWS that contains recommendations for each company account to meet AWS Security best practices.

Which solution would meet these requirements?

  A. In every AWS account, configure AWS Lambda to query the AWS Support API for AWS Trusted Advisor security checks. Send the results from Lambda to an Amazon SNS topic to send reports.
  B. Configure Amazon GuardDuty in a master account and invite all other accounts to be managed by the master account. Use GuardDuty's integration with Amazon SNS to report on findings.
  C. Use Amazon Athena and Amazon QuickSight to build reports off of AWS CloudTrail. Create a daily Amazon CloudWatch trigger to run the report daily and email it using Amazon SNS.
  D. Use AWS Artifact's prebuilt reports and subscriptions. Subscribe the Director of Information Security to the reports by adding the Director as the security alternate contact for each account.

Answer(s): A





