Description

SCS-C02

Exam SCS-C02: AWS Certified Security - Specialty

Unlock the Shortcut to Quick Exam Success with SCS-C02 Mock Tests!

Tried and tested by countless students, our SCS-C02 Tests are your express ticket to acing the SCS-C02 exam. Packed with the latest exam questions and answers, these study materials are designed to save you precious time and energy. Say goodbye to the stress of exam preparation and hello to your coveted certification.

Our study materials come in PDF format, featuring a comprehensive collection of exam questions for AWS Certified Security - Specialty. Master these questions, and you're well on your way to passing the exam with flying colors.

DEMO

Question #1

A company has an AWS Lambda function that creates image thumbnails from larger images. The Lambda function needs read and write access to an Amazon S3 bucket in the same AWS account.
Which solutions will provide the Lambda function this access? (Choose two.)

  • A. Create an IAM user that has only programmatic access. Create a new access key pair. Add environmental variables to the Lambda function with the access key ID and secret access key. Modify the Lambda function to use the environmental variables at run time during communication with Amazon S3.
  • B. Generate an Amazon EC2 key pair. Store the private key in AWS Secrets Manager. Modify the Lambda function to retrieve the private key from Secrets Manager and to use the private key during communication with Amazon S3.
  • C. Create an IAM role for the Lambda function. Attach an IAM policy that allows access to the S3 bucket.
  • D. Create an IAM role for the Lambda function. Attach a bucket policy to the S3 bucket to allow access. Specify the function's IAM role as the principal.
  • E. Create a security group. Attach the security group to the Lambda function. Attach a bucket policy that allows access to the S3 bucket through the security group ID.

Answer: CD


Question #2

A security engineer is configuring a new website that is named example.com. The security engineer wants to secure communications with the website by requiring users to connect to example.com through HTTPS.
Which of the following is a valid option for storing SSL/TLS certificates?

  • A. Custom SSL certificate that is stored in AWS Key Management Service (AWS KMS)
  • B. Default SSL certificate that is stored in Amazon CloudFront
  • C. Custom SSL certificate that is stored in AWS Certificate Manager (ACM)
  • D. Default SSL certificate that is stored in Amazon S3

Answer: C


Question #3

A security engineer needs to develop a process to investigate and respond to potential security events on a company's Amazon EC2 instances. All the EC2 instances are backed by Amazon Elastic Block Store (Amazon EBS). The company uses AWS Systems Manager to manage all the EC2 instances and has installed Systems Manager Agent (SSM Agent) on all the EC2 instances.
The process that the security engineer is developing must comply with AWS security best practices and must meet the following requirements:
  • A compromised EC2 instance's volatile memory and non-volatile memory must be preserved for forensic purposes.
  • A compromised EC2 instance's metadata must be updated with corresponding incident ticket information.
  • A compromised EC2 instance must remain online during the investigation but must be isolated to prevent the spread of malware.
  • Any investigative activity during the collection of volatile data must be captured as part of the process.
Which combination of steps should the security engineer take to meet these requirements with the LEAST operational overhead? (Choose three.)

  • A. Gather any relevant metadata for the compromised EC2 instance. Enable termination protection. Isolate the instance by updating the instance's security groups to restrict access. Detach the instance from any Auto Scaling groups that the instance is a member of. Deregister the instance from any Elastic Load Balancing (ELB) resources.
  • B. Gather any relevant metadata for the compromised EC2 instance. Enable termination protection. Move the instance to an isolation subnet that denies all source and destination traffic. Associate the instance with the subnet to restrict access. Detach the instance from any Auto Scaling groups that the instance is a member of. Deregister the instance from any Elastic Load Balancing (ELB) resources.
  • C. Use Systems Manager Run Command to invoke scripts that collect volatile data.
  • D. Establish a Linux SSH or Windows Remote Desktop Protocol (RDP) session to the compromised EC2 instance to invoke scripts that collect volatile data.
  • E. Create a snapshot of the compromised EC2 instance's EBS volume for follow-up investigations. Tag the instance with any relevant metadata and incident ticket information.

Answer: ACE


Question #4 ... 120

Note: The SCS-C02 DEMO includes only a small portion of the actual product content. To access the complete material, please consider purchasing the product. Upon purchase, you'll receive a PDF file containing the entire content.

Additionally, our SCS-C02 brain dumps have been curated to exclude outdated, invalid, and erroneous information, ensuring a more effective learning experience for you.

Feature

Precision

Our main goal is to ensure the accuracy of questions and answers.

Security

Keep your information confidential and never share it with third parties.

Timely

Feel free to contact us via email. Typically, we respond within 2 hours.

For us, the primary focus is on maintaining a very high standard of exam content to ensure that you are optimally prepared on the day of the Amazon SCS-C02 exam. We ensure a thorough review of all exam objectives, so you are prepared for every question in the exam (AWS Certified Security - Specialty). Our practice tests are authored by industry experts in the field who collaborate closely with certification providers to understand exam objectives, participate in beta testing, and personally take the exam before creating new practice tests.