Free Amazon SCS-C01 Exam Braindumps (page: 64)

A security engineer must develop an encryption tool for a company. The company requires a cryptographic solution that supports the ability to perform cryptographic erasure on all resources protected by the key material in 15 minutes or less.

Which AWS Key Management Service (AWS KMS) key solution will allow the security engineer to meet these requirements?

  A. Use imported key material with a CMK.
  B. Use an AWS KMS CMK.
  C. Use an AWS managed CMK.
  D. Use an AWS KMS customer managed CMK.

Answer(s): C



A company is running an application on Amazon EC2 instances in an Auto Scaling group. The application stores logs locally. A security engineer noticed that logs were lost after a scale-in event. The security engineer needs to recommend a solution to ensure the durability and availability of log data. All logs must be kept for a minimum of 1 year for auditing purposes.

What should the security engineer recommend?

  A. Within the Auto Scaling lifecycle, add a hook to create and attach an Amazon Elastic Block Store (Amazon EBS) log volume each time an EC2 instance is created. When the instance is terminated, the EBS volume can be reattached to another instance for log review.
  B. Create an Amazon Elastic File System (Amazon EFS) file system and add a command in the user data section of the Auto Scaling launch template to mount the EFS file system during EC2 instance creation. Configure a process on the instance to copy the logs once a day from an instance Amazon Elastic Block Store (Amazon EBS) volume to a directory in the EFS file system.
  C. Build the Amazon CloudWatch agent into the AMI used in the Auto Scaling group. Configure the CloudWatch agent to send the logs to Amazon CloudWatch Logs for review.
  D. Within the Auto Scaling lifecycle, add a lifecycle hook at the terminating state transition and alert the engineering team by using a lifecycle notification to Amazon Simple Notification Service (Amazon SNS). Configure the hook to remain in the Terminating:Wait state for 1 hour to allow manual review of the security logs prior to instance termination.

Answer(s): B



Unapproved changes were previously made to a company's Amazon S3 bucket. A security engineer configured AWS Config to record configuration changes made to the company's S3 buckets. The engineer discovers that S3 configuration changes are being made, but no Amazon SNS notifications are being sent. The engineer has already checked the configuration of the SNS topic and has confirmed that the configuration is valid.

Which combination of steps should the security engineer take to resolve the issue? (Select TWO.)

  A. Configure the S3 bucket ACLs to allow AWS Config to record changes to the buckets.
  B. Configure policies attached to S3 buckets to allow AWS Config to record changes to the buckets.
  C. Attach the AmazonS3ReadOnlyAccess managed policy to the IAM user.
  D. Verify that the security engineer's IAM user has an attached policy that allows all AWS Config actions.
  E. Assign the AWSConfigRole managed policy to the AWS Config role.

Answer(s): B,E



A company's architecture requires that its three Amazon EC2 instances run behind an Application Load Balancer (ALB). The EC2 instances transmit sensitive data between each other. Developers use SSL certificates to encrypt the traffic between the public users and the ALB. However, the developers are unsure of how to encrypt the data in transit between the ALB and the EC2 instances and the traffic between the EC2 instances.

Which combination of activities must the company implement to meet its encryption requirements? (Select TWO.)

  A. Configure SSL/TLS on the EC2 instances and configure the ALB target group to use HTTPS.
  B. Ensure that all resources are in the same VPC so the default encryption provided by the VPC is used to encrypt the traffic between the EC2 instances.
  C. In the ALB, select the default encryption to encrypt the traffic between the ALB and the EC2 instances.
  D. In the code for the application, include a cryptography library and encrypt the data before sending it between the EC2 instances.
  E. Configure AWS Direct Connect to provide an encrypted tunnel between the EC2 instances.

Answer(s): B,C


