A company stores sensitive documents in Amazon S3 by using server-side encryption with an IAM Key Management Service (IAM KMS) CMK. A new requirement mandates that the CMK that is used for these documents can be used only for S3 actions.Which statement should the company add to the key policy to meet this requirement?
Answer(s): A
A security engineer is defining the controls required to protect the IAM account root user credentials in an IAM Organizations hierarchy. The controls should also limit the impact in case these credentials have been compromised.Which combination of controls should the security engineer propose? (Select THREE.)
Answer(s): A,C,E
A company is using IAM Organizations. The company wants to restrict IAM usage to the eu-west-1 Region for all accounts under an OU that is named "development." The solution must persist restrictions to existing and new IAM accounts under the development OU.
A company is undergoing a layer 3 and layer 4 DDoS attack on its web servers running on IAM.Which combination of IAM services and features will provide protection in this scenario? (Select THREE).
Answer(s): D,E,F
Post your Comments and Discuss Amazon SCS-C02 exam with other Community members:
Mohammed Haque commented on October 04, 2024 very useful site for exam prep UNITED STATES upvote
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the SCS-C02 content, but please register or login to continue.