AWS-Certified-Security-Specialty-SCS-C01 – AWS Certified Security - Specialty (SCS-C01)

Loading demo links...

Showing 4–6 of 20 questions

Question 4

A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The Security team has the following requirements for the architecture:

• Data must be encrypted in transit.

• Data must be encrypted at rest.

• The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.

Which combination of steps would meet the requirements? (Choose two.)

Select all that apply, then click Submit answer.

○
Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.
○
Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.
○
Add a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.
○
Add a bucket policy with aws:SourceIp to Allow uploads and downloads from the corporate intranet only.
○
Add a bucket policy that includes a deny if a PutObject request does not include s3:x-amz-server-side-encryption: "aws:kms".
○
Enable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.

Question 5

Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the Internet. The connection either fails to respond or generates the following error message:

Network error: Connection timed out.

What could be responsible for the connection failure? (Choose three.)

Select all that apply, then click Submit answer.

○
The NAT gateway in the subnet where the EC2 instance is deployed has been misconfigured.
○
The internet gateway of the VPC has been misconfigured.
○
The security group denies outbound traffic on ephemeral ports.
○
The route table is missing a route to the internet gateway.
○
The NACL denies outbound traffic on ephemeral ports.
○
The host-based firewall is denying SSH traffic.

Question 6

Your company manages thousands of EC2 Instances. There is a mandate to ensure that all servers don't have any critical security flIAM. Which of the following can be done to ensure this? Choose 2 answers from the options given below.

Please select:

Select all that apply, then click Submit answer.

○
Use IAM Config to ensure that the servers have no critical flIAM.
○
Use IAM inspector to ensure that the servers have no critical flIAM.
○
Use IAM inspector to patch the servers
○
Use IAM SSM to patch the servers

Reference / correct answer:

Use IAM inspector to ensure that the servers have no critical flIAM.

Use IAM SSM to patch the servers

The IAM Documentation mentions the following on IAM Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on IAM. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

Option A is invalid because the IAM Config service is not used to check the vulnerabilities on servers

Option C is invalid because the IAM Inspector service is not used to patch servers

For more information on IAM Inspector, please visit the following URL:

https://IAM.amazon.com/inspector>

Once you understand the list of servers which require critical updates, you can rectify them by installing the required patches via the SSM tool.

For more information on the Systems Manager, please visit the following URL:

https://docs.IAM.amazon.com/systems-manager/latest/APIReference/Welcome.html

The correct answers are: Use IAM Inspector to ensure that the servers have no critical flIAM.. Use IAM SSM to patch the servers

(

← Prev 1 2 3 4 5 6 7 Next →

Page 2 of 7

Sale Ends In

2h 0m 0s