CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Specialty SCS-C01 Syllabus Exam Questions Answers

Page: 21 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF

AWS Certified Security - Specialty Questions and Answers

Question 81

A company has an IAM account and allows a third-party contractor who uses another IAM account, to assume certain IAM roles. The company wants to ensure that IAM roles can be assumed by the contractor only if the contractor has multi-factor authentication enabled on their IAM user accounts

What should the company do to accomplish this?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 82

A company is setting up products to deploy in IAM Service Catalog. Management is concerned that when users launch products, elevated IAM privileges will be required to create resources. How should the company mitigate this concern?

Options:

A.

Add a template constraint to each product in the portfolio.

B.

Add a launch constraint to each product in the portfolio.

C.

Define resource update constraints for each product in the portfolio.

D.

Update the IAM CloudFormalion template backing the product to include a service role configuration.

Question 83

A company's Security Engineer has been asked to monitor and report all IAM account root user activities.

Which of the following would enable the Security Engineer to monitor and report all root user activities? (Select TWO)

Options:

A.

Configuring IAM Organizations to monitor root user API calls on the paying account

B.

Creating an Amazon CloudWatch Events rule that will trigger when any API call from the root user is reported

C.

Configuring Amazon Inspector to scan the IAM account for any root user activity

D.

Configuring IAM Trusted Advisor to send an email to the Security team when the root user logs in to the console

E.

Using Amazon SNS to notify the target group

Question 84

An external Auditor finds that a company's user passwords have no minimum length. The company is currently using two identity providers:

• IAM IAM federated with on-premises Active Directory

• Amazon Cognito user pools to accessing an IAM Cloud application developed by the company

Which combination o1 actions should the Security Engineer take to solve this issue? (Select TWO.)

Options:

A.

Update the password length policy In the on-premises Active Directory configuration.

B.

Update the password length policy In the IAM configuration.

C.

Enforce an IAM policy In Amazon Cognito and IAM IAM with a minimum password length condition.

D.

Update the password length policy in the Amazon Cognito configuration.

E.

Create an SCP with IAM Organizations that enforces a minimum password length for IAM IAM and Amazon Cognito.

Page: 21 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF