Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. SCS-C01

Free Amazon SCS-C01 Exam Braindumps (page: 62)

Page 20 of 134
PDF with 532 Questions

An IAM account administrator created an IAM group and applied the following managed policy to require that each individual user authenticate using multi-factor authentication:



After implementing the policy, the administrator receives reports that users are unable to perform Amazon EC2 commands using the IAM CLI. What should the administrator do to resolve this problem while still enforcing multi-factor authentication?

  1. Change the value of IAM MultiFactorAuthPresent to true.
  2. Instruct users to run the IAM sts get-session-token CLI command and pass the multi- factor authentication --serial-number and --token-code parameters. Use these resulting values to make API/CLI calls
  3. Implement federated API/CLI access using SAML 2.0, then configure the identityprovider to enforce multi-factor authentication.
  4. Create a role and enforce multi-factor authentication in the role trust policy Instruct users to run the sts assume-role CLI command and pass --serial-number and --token-code parameters Store the resulting values in environment variables. Add sts:AssumeRole to NotAction in the policy.

Answer(s): B



Users report intermittent availability of a web application hosted on IAM. Monitoring systems report an excess of abnormal network traffic followed by high CPU utilization on the application web tier. Which of the following techniques will improve the availability of the application? (Select TWO.)

  1. Deploy IAM WAF to block all unsecured web applications from accessing the internet.
  2. Deploy an Intrusion Detection/Prevention System (IDS/IPS) to monitor or block unusual incoming network traffic.
  3. Configure security groups to allow outgoing network traffic only from hosts that are protected with up-to-date antivirus software.
  4. Create Amazon CloudFront distribution and configure IAM WAF rules to protect the web applications from malicious traffic.
  5. Use the default Amazon VPC for externakfacing systems to allow IAM to actively block malicious network traffic affecting Amazon EC2 instances.

Answer(s): B,D



A security engineer is asked to update an AW3 CoudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the security engineer receives the following error message. "There is a problem with the bucket policy''

What will enable the security engineer to saw the change?

  1. Create a new trail with the updated log file prefix, and then delete the original nail Update the existing bucket policy in the Amazon S3 console with the new log the prefix, and then update the log file prefix in the CloudTrail console
  2. Update the existing bucket policy in the Amazon S3 console to allow the security engineers principal to perform PutBucketPolicy. and then update the log file prefix in the CloudTrail console
  3. Update the existing bucket policy in the Amazon S3 console with the new log file prefix,and then update the log file prefix in the CloudTrail console.
  4. Update the existing bucket policy in the Amazon S3 console to allow the security engineers principal to perform GetBucketPolicy, and then update the log file prefix in the CloudTrail console

Answer(s): C


Reference:

https://docs.IAM.amazon.com/IAMcloudtrail/latest/userguide/create-s3- bucket-policy-for-cloudtrail.html#cloudtrail-add-change-or-remove-a-bucket-prefix



An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.

How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

  1. Configure the application's EC2 instances to use NAT gateways for all inbound traffic.
  2. Move the web servers to private subnets without public IP addresses.
  3. Configure IAM WAF to provide DDoS attack protection for the ALB.
  4. Require all inbound network traffic to route through a bastion host in the private subnet.
  5. Require all inbound and outbound network traffic to route through an IAM Direct Connect connection.

Answer(s): B,C






Post your Comments and Discuss Amazon SCS-C01 exam prep with other Community members:

SCS-C01 Exam Discussions & Posts