Free SCS-C01 Exam Braindumps (page: 5)

A company has a serverless application for internal users deployed on AWS. The application uses AWS Lambda for the front end and for business logic. The Lambda function accesses an Amazon RDS database inside a VPC. The company uses AWS Systems Manager Parameter Store for storing database credentials. A recent security review highlighted the following issues:

The Lambda function has internet access.
The relational database is publicly accessible.
The database credentials are not stored in an encrypted state.

Which combination of steps should the company take to resolve these security issues? (Select THREE)

  1. Disable public access to the RDS database inside the VPC.
  2. Move all the Lambda functions inside the VPC.
  3. Edit the IAM role used by Lambda to restrict internet access.
  4. Create a VPC endpoint for Systems Manager. Store the credentials as a string parameter. Change the parameter type to an advanced parameter.
  5. Edit the IAM role used by RDS to restrict internet access.
  6. Create a VPC endpoint for Systems Manager. Store the credentials as a SecureString parameter.

Answer(s): A,B,E



After a recent security audit involving Amazon S3, a company has asked for assistance reviewing its S3 buckets to determine whether data is properly secured. The first S3 bucket on the list has the following bucket policy.



Is this bucket policy sufficient to ensure that the data is not publicly accessible?

  1. Yes, the bucket policy makes the whole bucket publicly accessible despite how the S3 bucket ACL or object ACLs are configured.
  2. Yes, none of the data in the bucket is publicly accessible, regardless of how the S3 bucket ACL and object ACLs are configured.
  3. No, the IAM user policy would need to be examined first to determine whether any data is publicly accessible.
  4. No, the S3 bucket ACL and object ACLs need to be examined first to determine whether any data is publicly accessible.

Answer(s): A



A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2^16 objects. Any encryption key must be generated on a FIPS-validated hardware security module (HSM). The company is cost-conscious, as it plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers.

Which approach MOST efficiently meets the company's needs?

  1. Use the AWS Encryption SDK and set the maximum age to 10 days and the minimum number of messages encrypted to 3^16. Use AWS Key Management Service (AWS KMS) to generate the master key and data key. Use data key caching with the Encryption SDK during the encryption process.
  2. Use AWS Key Management Service (AWS KMS) to generate an AWS managed CMK. Then use Amazon S3 client-side encryption configured to automatically rotate with every object.
  3. Use AWS CloudHSM to generate the master key and data keys. Then use Boto 3 and Python to locally encrypt data before uploading the object. Rotate the data key every 10 days or after 2^16 objects have been uploaded to Amazon S3.
  4. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the master key to automatically rotate.

Answer(s): A



A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager.

Which combination of steps is required to ensure availability of the certificate in the CloudFront console? (Choose two.)

  1. Call UploadServerCertificate with /cloudfront/dev/ in the path parameter.
  2. Import the certificate with a 4,096-bit RSA public key.
  3. Ensure that the certificate, private key, and certificate chain are PKCS #12-encoded.
  4. Import the certificate in the us-east-1 (N. Virginia) Region.
  5. Ensure that the certificate, private key, and certificate chain are PEM-encoded.

Answer(s): D,E





