AWS Certified Specialty SCS-C01 Full Course Free

AWS Certified Security - Specialty Questions and Answers

Question 89

You have just developed a new mobile application that handles analytics workloads on large scale datasets that are stored on Amazon Redshift. Consequently, the application needs to access Amazon Redshift tables. Which of the belov methods would be the best both practically and security-wise, to access the tables? Choose the correct answer from the options below

Please select:

Options:

Create an IAM user and generate encryption keys for that user. Create a policy for Redshift read-only access. Embed th keys in the application.

Create an HSM client certificate in Redshift and authenticate using this certificate.

Create a Redshift read-only access policy in IAM and embed those credentials in the application.

Use roles that allow a web identity federated user to assume a role that allows access to the Redshift table by providing temporary credentials.

Question 90

A company has external vendors that must deliver files to the company. These vendors have cross-account that gives them permission to upload objects to one of the company's S3 buckets.

What combination of steps must the vendor follow to successfully deliver a file to the company? Select 2 answers from the options given below

Please select:

Options:

Attach an IAM role to the bucket that grants the bucket owner full permissions to the object

Add a grant to the objects ACL giving full permissions to bucket owner.

Encrypt the object with a KMS key controlled by the company.

Add a bucket policy to the bucket that grants the bucket owner full permissions to the object

Upload the file to the company's S3 bucket

Question 91

The CFO of a company wants to allow one of his employees to view only the IAM usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the IAM usage report page?

Please select:

Options:

"Effect": "Allow". "Action": ["Describe"], "Resource": "Billing"

"Effect": "Allow", "Action": ["AccountUsage], "Resource": "*"

"Effect': "Allow", "Action": ["IAM-portal:ViewUsage"," IAM-portal:ViewBilling"], "Resource": "*"

"Effect": "Allow", "Action": ["IAM-portal: ViewBilling"], "Resource": "*"

Question 92

Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure. What process will check compliance of the company's EC2 instances?

Please select:

Options:

Trigger an IAM Config Rules evaluation of the restricted-common-ports rule against every EC2 instance.

Query the Trusted Advisor API for all best practice security checks and check for "action recommened" status.

Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance.

Run an Amazon inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Specialty SCS-C01 Full Course Free

AWS Certified Security - Specialty Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce