AWS Certified Security - Specialty (SCS-C01)


Question 16

A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, and AWS STS in specific accounts.

What is a scalable and efficient approach to meet this requirement?

  • Option A

  • Option B

  • Option C

  • Option D

Question 17

A company needs to transfer large amounts of data between AWS and an on-premises location. There is an additional requirement for low-latency, high-consistency traffic to AWS. Given these requirements, how would you design a hybrid architecture? Choose the correct answer from the options below.

  • Provision a Direct Connect connection to an AWS Region using a Direct Connect partner.

  • Create a VPN tunnel for private connectivity, which increases network consistency and reduces latency.

  • Create an IPsec tunnel for private connectivity, which increases network consistency and reduces latency.

  • Create a VPC peering connection between AWS and the customer gateway.

Question 18

An application uses Amazon Cognito to manage end users’ permissions when directly accessing AWS resources, including Amazon DynamoDB. A new feature request reads as follows:

Provide a mechanism to mark customers as suspended pending investigation or suspended permanently. Customers should still be able to log in when suspended, but should not be able to make changes.

The priorities are to reduce complexity and avoid potential for future security issues.

Which approach will meet these requirements and priorities?

  • Create a new database field “suspended_status” and modify the application logic to validate that field when processing requests.

  • Add suspended customers to a second Cognito user pool and update the application login flow to check both user pools.

  • Use Amazon Cognito Sync to push out a “suspension_status” parameter and split the IAM policy into normal users and suspended users.

  • Move suspended customers to a second Cognito group and define an appropriate IAM access policy for the group.