
Pass SCS-C01 Exam Guide

Page: 13 / 44
Total 589 questions

AWS Certified Security - Specialty Questions and Answers

Question 49

Unapproved changes were previously made to a company's Amazon S3 bucket. A security engineer configured AWS Config to record configuration changes made to the company's S3 buckets. The engineer discovers there are S3 configuration changes being made, but no Amazon SNS notifications are being sent. The engineer has already checked the configuration of the SNS topic and has confirmed the configuration is valid.

Which combination of steps should the security engineer take to resolve the issue? (Select TWO.)

Options:

A. Configure the S3 bucket ACLs to allow AWS Config to record changes to the buckets.

B. Configure policies attached to S3 buckets to allow AWS Config to record changes to the buckets.

C. Attach the AmazonS3ReadOnlyAccess managed policy to the IAM user.

D. Verify the security engineer's IAM user has an attached policy that allows all AWS Config actions.

E. Assign the AWSConfigRole managed policy to the AWS Config role.

Question 50

Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the internet. The connection either fails to respond or generates the following error message:

Network error: Connection timed out.

What could be responsible for the connection failure? (Select THREE.)

Options:

A. The NAT gateway in the subnet where the EC2 instance is deployed has been misconfigured.

B. The internet gateway of the VPC has been reconfigured.

C. The security group denies outbound traffic on ephemeral ports.

D. The route table is missing a route to the internet gateway.

E. The NACL denies outbound traffic on ephemeral ports.

F. The host-based firewall is denying SSH traffic.

Question 51

A company has an encrypted Amazon S3 bucket. An Application Developer has an IAM policy that allows access to the S3 bucket, but the Application Developer is unable to access objects within the bucket.

What is a possible cause of the issue?

Options:

A. The S3 ACL for the S3 bucket fails to explicitly grant access to the Application Developer.

B. The AWS KMS key for the S3 bucket fails to list the Application Developer as an administrator.

C. The S3 bucket policy fails to explicitly grant access to the Application Developer.

D. The S3 bucket policy explicitly denies access to the Application Developer.

Question 52

Users report intermittent availability of a web application hosted on AWS. Monitoring systems report an excess of abnormal network traffic followed by high CPU utilization on the application web tier.

Which of the following techniques will improve the availability of the application? (Select TWO.)

Options:

A. Deploy AWS WAF to block all unsecured web applications from accessing the internet.

B. Deploy an Intrusion Detection/Prevention System (IDS/IPS) to monitor or block unusual incoming network traffic.

C. Configure security groups to allow outgoing network traffic only from hosts that are protected with up-to-date antivirus software.

D. Create an Amazon CloudFront distribution and configure AWS WAF rules to protect the web applications from malicious traffic.

E. Use the default Amazon VPC for external-facing systems to allow AWS to actively block malicious network traffic affecting Amazon EC2 instances.
