Amazon SCS-C01 Practice Test - Questions Answers, Page 46

List of questions

Question 451

A company wants to deploy a distributed web application on a fleet of EC2 instances. The fleet will be fronted by a Classic Load Balancer that will be configured to terminate the TLS connection. The company wants to make sure that all past and current TLS traffic to the Classic Load Balancer stays secure even if the certificate private key is leaked. To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer with:

Question 452

A company has two AWS accounts within AWS Organizations. In Account-1, Amazon EC2 Auto Scaling is launched using a service-linked role. In Account-2, Amazon EBS volumes are encrypted with an AWS KMS key. A Security Engineer needs to ensure that the service-linked role can launch instances with these encrypted volumes. Which combination of steps should the Security Engineer take in both accounts? (Select TWO.)

Question 453

During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed that there are sudo commands that were never properly alerted or reported on the Amazon CloudWatch Logs agent. Why were there no alerts on the sudo commands?

Question 454

A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS infrastructure. Which of the following solutions would provide the MOST scalable solution?

Question 455

An Incident Response team is investigating an AWS access key leak that resulted in Amazon EC2 instances being launched. The company did not discover the incident until many months later. The Director of Information Security wants to implement new controls that will alert when similar incidents happen in the future. Which controls should the company implement to achieve this? (Select TWO.)

Question 456

A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets.

Currently, each of the company's applications is in its own AWS account, and logs are pushed into S3 buckets associated with each account. The Engineer will deploy an AWS Lambda function into each account that copies the relevant log files to the centralized S3 bucket.

The Security Engineer is unable to access the log files in the centralized S3 bucket. The Engineer's IAM user policy from the centralized account looks like this:

[Image: IAM user policy, Question 456]

The centralized S3 bucket policy looks like this:

[Image: centralized S3 bucket policy, Question 456]

Why is the Security Engineer unable to access the log files?

Question 457

Example.com is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). Third-party host intrusion detection system (HIDS) agents that capture the traffic of the EC2 instance are running on each host. The company must ensure they are using privacy-enhancing technologies for users, without losing the assurance the third-party solution offers. What is the MOST secure way to meet these requirements?

Question 458

A company's Chief Security Officer has requested that a Security Analyst review and improve the security posture of each company AWS account. The Security Analyst decides to do this by improving AWS account root user security. Which actions should the Security Analyst take to meet these requirements? (Select THREE.)

Question 459

A Security Architect has been asked to review an existing security architecture and identify why the application servers cannot successfully initiate a connection to the database servers. The following summary describes the architecture:

1. An Application Load Balancer, an internet gateway, and a NAT gateway are configured in the public subnet.
2. Database, application, and web servers are configured on three different private subnets.
3. The VPC has two route tables: one for the public subnet and one for all other subnets. The route table for the public subnet has a 0.0.0.0/0 route to the internet gateway. The route table for all other subnets has a 0.0.0.0/0 route to the NAT gateway. All private subnets can route to each other.
4. Each subnet has a network ACL implemented that limits all inbound and outbound connectivity to only the required ports and protocols.
5. There are 3 Security Groups (SGs): database, application, and web. Each group limits all inbound and outbound connectivity to the minimum required.

Which of the following accurately reflects the access control mechanisms the Architect should verify?

Question 460

A Security Engineer receives alerts that an Amazon EC2 instance on a public subnet is under an SFTP brute force attack from a specific IP address, which is a known malicious bot. What should the Security Engineer do to block the malicious bot?

Total 590 questions