ExamGecko
Home / Amazon / SCS-C02 / List of questions
Ask Question

Amazon SCS-C02 Practice Test - Questions Answers, Page 9

Add to Whishlist

List of questions

Question 81

Report Export Collapse

A developer at a company uses an SSH key to access multiple Amazon EC2 instances. The company discovers that the SSH key has been posted on a public GitHub repository. A security engineer verifies that the key has not been used recently.

How should the security engineer prevent unauthorized access to the EC2 instances?

Become a Premium Member for full access
  Unlock Premium Member

Question 82

Report Export Collapse

A company uses an external identity provider to allow federation into different IAM accounts. A security engineer for the company needs to identify the federated user that terminated a production Amazon EC2 instance a week ago.

What is the FASTEST way for the security engineer to identify the federated user?

Become a Premium Member for full access
  Unlock Premium Member

Question 83

Report Export Collapse

An audit determined that a company's Amazon EC2 instance security group violated company policy by allowing unrestricted incoming SSH traffic. A security engineer must implement a near-real-time monitoring and alerting solution that will notify administrators of such violations.

Which solution meets these requirements with the MOST operational efficiency?

Become a Premium Member for full access
  Unlock Premium Member

Question 84

Report Export Collapse

A company manages multiple IAM accounts using IAM Organizations. The company's security team notices that some member accounts are not sending IAM CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured (or all existing accounts and for any account that is created in the future.

Which set of actions should the security team implement to accomplish this?

Become a Premium Member for full access
  Unlock Premium Member

Question 85

Report Export Collapse

A company's cloud operations team is responsible for building effective security for IAM cross-account access. The team asks a security engineer to help troubleshoot why some developers in the developer account (123456789012) in the developers group are not able to assume a cross-account role (ReadS3) into a production account (999999999999) to read the contents of an Amazon S3 bucket (productionapp). The two account policies are as follows:

Amazon SCS-C02 image Question 85 7793 09162024005941000000

Which recommendations should the security engineer make to resolve this issue? (Select TWO.)

Become a Premium Member for full access
  Unlock Premium Member

Question 86

Report Export Collapse

A company is using IAM Organizations to develop a multi-account secure networking strategy. The company plans to use separate centrally managed accounts for shared services, auditing, and security inspection. The company plans to provide dozens of additional accounts to application owners for production and development environments.

Company security policy requires that all internet traffic be routed through a centrally managed security inspection layer in the security inspection account. A security engineer must recommend a solution that minimizes administrative overhead and complexity.

Which solution meets these requirements?

Become a Premium Member for full access
  Unlock Premium Member

Question 87

Report Export Collapse

A company plans to create individual child accounts within an existing organization in IAM Organizations for each of its DevOps teams. IAM CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized IAM account. A security engineer needs to ensure that DevOps team members are unable to modify or disable this configuration.

How can the security engineer meet these requirements?

Become a Premium Member for full access
  Unlock Premium Member

Question 88

Report Export Collapse

A company uses Amazon RDS for MySQL as a database engine for its applications. A recent security audit revealed an RDS instance that is not compliant with company policy for encrypting data at rest. A security engineer at the company needs to ensure that all existing RDS databases are encrypted using server-side encryption and that any future deviations from the policy are detected.

Which combination of steps should the security engineer take to accomplish this? (Select TWO.)

Become a Premium Member for full access
  Unlock Premium Member

Question 89

Report Export Collapse

A company is running an application in The eu-west-1 Region. The application uses an IAM Key Management Service (IAM KMS) CMK to encrypt sensitive dat

a. The company plans to deploy the application in the eu-north-1 Region.

A security engineer needs to implement a key management solution for the application deployment in the new Region. The security engineer must minimize changes to the application code.

Which change should the security engineer make to the IAM KMS configuration to meet these requirements?

Become a Premium Member for full access
  Unlock Premium Member

Question 90

Report Export Collapse

A development team is using an IAM Key Management Service (IAM KMS) CMK to try to encrypt and decrypt a secure string parameter from IAM Systems Manager Parameter Store. However, the development team receives an error message on each attempt.

Which issues that are related to the CMK could be reasons for the error? (Select TWO.)

Become a Premium Member for full access
  Unlock Premium Member
Total 372 questions
Go to page: of 38
Search

Related questions