Free SCS-C01 Exam Braindumps (page: 8)


A company is setting up products to deploy in AWS Service Catalog. Management is concerned that when users launch products, elevated IAM privileges will be required to create resources. How should the company mitigate this concern?

  1. Add a template constraint to each product in the portfolio.
  2. Add a launch constraint to each product in the portfolio.
  3. Define resource update constraints for each product in the portfolio.
  4. Update the AWS CloudFormation template backing the product to include a service role configuration.

Answer(s): B

Explanation:

Launch constraints apply to products in the portfolio (product-portfolio association). Launch constraints do not apply at the portfolio level or to a product across all portfolios. To associate a launch constraint with all products in a portfolio, you must apply the launch constraint to each product individually.


Reference:

https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html



A security engineer is designing an incident response plan to address the risk of a compromised Amazon EC2 instance. The plan must recommend a solution to meet the following requirements:

· A trusted forensic environment must be provisioned

· Automated response processes must be orchestrated

Which AWS services should be included in the plan? (Select TWO)

  1. AWS CloudFormation
  2. Amazon GuardDuty
  3. Amazon Inspector
  4. Amazon Macie
  5. AWS Step Functions

Answer(s): A,E



A company had one of its Amazon EC2 key pairs compromised. A Security Engineer must identify which current Linux EC2 instances were deployed and used the compromised key pair.

How can this task be accomplished?

  1. Obtain the list of instances by directly querying Amazon EC2 using: aws ec2 describe-instances --filters "Name=key-name,Values=KEYNAMEHERE".
  2. Obtain the fingerprint for the key pair from the AWS Management Console, then search for the fingerprint in the Amazon Inspector logs.
  3. Obtain the output from the EC2 instance metadata using: curl http://169.254.169.254/latest/meta-data/public-keys/0/.
  4. Obtain the fingerprint for the key pair from the AWS Management Console, then search for the fingerprint in Amazon CloudWatch Logs using: aws logs filter-log-events.

Answer(s): A



A Developer signed in to a new account within an AWS Organizations organizational unit (OU) containing multiple accounts. Access to the Amazon S3 service is restricted with the following SCP:




How can the Security Engineer provide the Developer with Amazon S3 access without affecting other accounts?

  1. Move the SCP to the root OU of Organizations to remove the restriction to access Amazon S3.
  2. Add an IAM policy for the Developer, which grants S3 access.
  3. Create a new OU without applying the SCP restricting S3 access. Move the Developer account to this new OU.
  4. Add an allow list for the Developer account for the S3 service.

Answer(s): C





