SCS-C01 Exam Results

You can actually use a Deny condition which will not allow the person to log in from outside. The below example shows the Deny condition to ensure that any address specified in the source address is not allowed to access the resources in IAM.

Option A is invalid because you don't mention the security group in the IAM policy

Option C is invalid because security groups by default don't allow traffic

Option D is invalid because the IAM policy does not have such an option

For more information on IAM policy conditions, please visit the URL:

pol

examples.htm l#iam-policy-example-ec2-two-condition!

The correct answer is: Create an IAM policy with a condition which denies access when the IP address range is not from the organization

Submit your Feedback/Queries to our Experts

By default, keys created in KMS are created with the default key policy. When features are added to KMS, you need to explii update the default key policy for these keys.

Option B,C and D are invalid because the key policy is the main entity used to provide access to the keys

For more information on upgrading key policies please visit the following URL:

(

The correct answer is: You have not explicitly given access via the key policy Submit your Feedback/Queries to our Experts

Given the current requirements, assume the method of "least privilege" security design and only allow the auditor access to the minimum amount of IAM resources as possibli

IAM CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your IAM account. With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your IAM infrastructure. CloudTrail provides a history of IAM API calls for your account including API calls made through the IAM Management Console, IAM SDKs, command line tools, and other IAM services. This history simplifies security analysis, resource change tracking, and troubleshooting

only be granted access in one location

Option Option A is incorrect since the auditor should B is incorrect since consolidated billing is not a key requirement as part of the question

Option C is incorrect since there is not consolidated logging

For more information on Cloudtrail please refer to the below URL:

(

The correct answer is: Configure the CloudTrail service in each IAM account and have the logs delivered to a single IAM bud in the primary account and grant the auditor access to that single bucket in the primary account.

Submit your Feedback/Queries to our Experts

If you continue to use the root user credentials, we recommend that you follow the security best practice to enable multi-factor authentication (MFA) for your account. Because your root user can perform sensitive operations in your account, adding an additional layer of authentication helps you to better secure your account. Multiple types of MFA are available.