Home
Amazon
SCS-C02 Exam Questions

Home ❯
Amazon ❯
SCS-C02 Exam Questions

Free SCS-C02 Exam Questions - Amazon SCS-C02 Exam

Amazon SCS-C02 Exam

Total Questions: 327

Last Updated : 11-11-2024

Get Premium Files

Amazon SCS-C02 Exam - Prepare from Latest, Not Redundant Questions!

Many candidates desire to prepare their Amazon SCS-C02 exam with the help of only updated and relevant study material. But during their research, they usually waste most of their valuable time with information that is either not relevant or outdated. Study4Exam has a fantastic team of subject-matter experts that make sure you always get the most up-to-date preparatory material. Whenever there is a change in the syllabus of the AWS Certified Security - Specialty exam, our team of experts updates SCS-C02 questions and eliminates outdated questions. In this way, we save you money and time.

Amazon SCS-C02 Exam Sample Questions:

Q1.

A company has enabled Amazon GuardDuty in all AWS Regions as part of its security monitoring strategy. In one of its VPCs, the company hosts an Amazon EC2 instance that works as an FTP server. A high number of clients from multiple locations contact the FTP server. GuardDuty identifies this activity as a brute force attack because of the high number of connections that happen every hour.

The company has flagged the finding as a false positive, but GuardDuty continues to raise the issue. A security engineer must improve the signal-to-noise ratio without compromising the companys visibility of potential anomalous behavior.

Which solution will meet these requirements?

ADisable the FTP rule in GuardDuty in the Region where the FTP server is deployed.

BAdd the FTP server to a trusted IP list. Deploy the list to GuardDuty to stop receiving the notifications.

CCreate a suppression rule in GuardDuty to filter findings by automatically archiving new findings that match the specified criteria.

DCreate an AWS Lambda function that has the appropriate permissions to de-lete the finding whenever a new occurrence is reported.

Q2.

A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible.

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

ATurn on VPC Flow Logs for all VPCs in the account.

BActivate Amazon GuardDuty across all AWS Regions.

CActivate Amazon Detective across all AWS Regions.

DCreate an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the find-ings to the SNS topic.

ECreate an AWS Lambda function. Create an Amazon EventBridge rule that in-vokes the Lambda function to publish findings to Amazon Simple Email Ser-vice (Amazon SES).

Q3.

A company accidentally deleted the private key for an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance. A security engineer needs to regain access to the instance.

Which combination of steps will meet this requirement? (Choose two.)

AStop the instance. Detach the root volume. Generate a new key pair.

BKeep the instance running. Detach the root volume. Generate a new key pair.

CWhen the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance. Start the instance.

DWhen the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new private key. Move the volume back to the original instance. Start the instance.

EWhen the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance that is running.

Q4.

A company has thousands of AWS Lambda functions. While reviewing the Lambda functions, a security engineer discovers that sensitive information is being stored in environment variables and is viewable as plaintext in the Lambda console. The values of the sensitive information are only a few characters long.

What is the MOST cost-effective way to address this security issue?

ASet up IAM policies from the Lambda console to hide access to the environment variables.

BUse AWS Step Functions to store the environment variables. Access the environment variables at runtime. Use IAM permissions to restrict access to the environment variables to only the Lambda functions that require access.

CStore the environment variables in AWS Secrets Manager, and access them at runtime. Use IAM permissions to restrict access to the secrets to only the Lambda functions that require access.

DStore the environment variables in AWS Systems Manager Parameter Store as secure string parameters, and access them at runtime. Use IAM permissions to restrict access to the parameters to only the Lambda functions that require access.

Q5.

A company has several petabytes of dat

a. The company must preserve this data for 7 years to comply with regulatory requirements. The company's compliance team asks a security officer to develop a strategy that will prevent anyone from changing or deleting the data.

Which solution will meet this requirement MOST cost-effectively?

ACreate an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in compliance mode. Upload the data to the bucket. Create a resource-based bucket policy that meets all the regulatory requirements.

BCreate an Amazon S3 bucket. Configure the bucket to use S3 Object Lock in governance mode. Upload the data to the bucket. Create a user-based IAM policy that meets all the regulatory requirements.

CCreate a vault in Amazon S3 Glacier. Create a Vault Lock policy in S3 Glacier that meets all the regulatory requirements. Upload the data to the vault.

DCreate an Amazon S3 bucket. Upload the data to the bucket. Use a lifecycle rule to transition the data to a vault in S3 Glacier. Create a Vault Lock policy that meets all the regulatory requirements.

Solutions:

Question: 1 Answer: C

Question: 2 Answer: B, D

Question: 3 Answer: A, C

Question: 4 Answer: D

Question: 5 Answer: C

Disscuss Amazon SCS-C02 Topics, Questions or Ask Anything Related

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!