CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Specialty SCS-C01 Reddit Questions

Page: 29 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF

AWS Certified Security - Specialty Questions and Answers

Question 113

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below

Please select:

Options:

A.

The EC2 instance running your WAF software is placed between your private subnets and any NATed connections to the internet.

B.

The EC2 instance running your WAF software is placed between your public subnets and your Internet Gateway.

C.

The EC2 instance running your WAF software is placed between your public subnets and your private subnets.

D.

The EC2 instance running your WAF software is included in an Auto Scaling group and placed in between two Elastic load balancers.

Question 114

You need to ensure that the cloudtrail logs which are being delivered in your IAM account is encrypted. How can this be achieved in the easiest way possible?

Please select:

Options:

A.

Don't do anything since CloudTrail logs are automatically encrypted.

B.

Enable S3-SSE for the underlying bucket which receives the log files

C.

Enable S3-KMS for the underlying bucket which receives the log files

D.

Enable KMS encryption for the logs which are sent to Cloudwatch

Question 115

Your company has a set of EC2 Instances that are placed behind an ELB. Some of the applications hosted on these instances communicate via a legacy protocol. There is a security mandate that all traffic between the client and the EC2 Instances need to be secure. How would you accomplish this?

Please select:

Options:

A.

Use an Application Load balancer and terminate the SSL connection at the ELB

B.

Use a Classic Load balancer and terminate the SSL connection at the ELB

C.

Use an Application Load balancer and terminate the SSL connection at the EC2 Instances

D.

Use a Classic Load balancer and terminate the SSL connection at the EC2 Instances

Question 116

A company is planning on using IAM EC2 and IAM Cloudfrontfor their web application. For which one of the below attacks is usage of Cloudfront most suited for?

Please select:

Options:

A.

Cross side scripting

B.

SQL injection

C.

DDoS attacks

D.

Malware attacks

Page: 29 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF