CertsTopics Logo

New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Specialty SCS-C01 Updated Exam

Page: 43 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF

AWS Certified Security - Specialty Questions and Answers

Question 169

An IAM account includes two S3 buckets: bucket1 and bucket2. The bucket2 does not have a policy defined, but bucket1 has the following bucket policy:

In addition, the same account has an IAM User named “alice”, with the following IAM policy.

Which buckets can user “alice” access?

Options:

A.

Bucket1 only

B.

Bucket2 only

C.

Both bucket1 and bucket2

D.

Neither bucket1 nor bucket2

Question 170

An IAM Lambda function was misused to alter data, and a Security Engineer must identify who invoked the function and what output was produced. The Engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs.

Which of the following explains why the logs are not available?

Options:

A.

The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.

B.

The Lambda function was executed by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.

C.

The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.

D.

The version of the Lambda function that was executed was not current.

Question 171

A Security Engineer received an IAM Abuse Notice listing EC2 instance IDs that are reportedly abusing other hosts.

Which action should the Engineer take based on this situation? (Choose three.)

Options:

A.

Use IAM Artifact to capture an exact image of the state of each instance.

B.

Create EBS Snapshots of each of the volumes attached to the compromised instances.

C.

Capture a memory dump.

D.

Log in to each instance with administrative credentials to restart the instance.

E.

Revoke all network ingress and egress except for to/from a forensics workstation.

F.

Run Auto Recovery for Amazon EC2.

Question 172

A Security Administrator is performing a log analysis as a result of a suspected IAM account compromise. The Administrator wants to analyze suspicious IAM CloudTrail log files but is overwhelmed by the volume of audit logs being generated.

What approach enables the Administrator to search through the logs MOST efficiently?

Options:

A.

Implement a “write-only” CloudTrail event filter to detect any modifications to the IAM account resources.

B.

Configure Amazon Macie to classify and discover sensitive data in the Amazon S3 bucket that contains the CloudTrail audit logs.

C.

Configure Amazon Athena to read from the CloudTrail S3 bucket and query the logs to examine account activities.

D.

Enable Amazon S3 event notifications to trigger an IAM Lambda function that sends an email alarm when there are new CloudTrail API entries.

Page: 43 / 44
Total 589 questions
Get SCS-C01 Full Access Download SCS-C01 PDF