Last Update 21 hours ago Total Questions : 231
The AWS Certified Security – Specialty content is now fully updated, with all current exam questions added 21 hours ago. Deciding to include SCS-C03 practice exam questions in your study plan goes far beyond basic test preparation.
You'll find that our SCS-C03 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these SCS-C03 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any AWS Certified Security – Specialty practice test comfortably within the allotted time.
A company is running a new workload across accounts that are in an organization in AWS Organizations. All running resources must have a tag ofCostCenter, and the tag must have one of three approved values. The company must enforce this policy and must prevent any changes of the CostCenter tag to a non-approved value.
Which solution will meet these requirements?
A company ' s security team wants to receive email notification from AWS about any abuse reports regarding DoS attacks. A security engineer needs to implement a solution that will provide a near-real-time alert for any abuse reports that AWS sends for the account. The security engineer already has created an Amazon Simple Notification Service (Amazon SNS) topic and has subscribed the security team ' s email address to the topic.
What should the security engineer do next to meet these requirements?
A company is developing an application that runs across a combination of Amazon EC2 On-Demand Instances and Spot Instances. A security engineer needs to provide a logging solution that makes logs for all instances available from a single location. The solution must allow only a specific set of users to analyze the logs for event patterns. The users must be able to use SQL queries on the logs to perform root cause analysis.
Which solution will meet these requirements?
A security engineer needs to prepare Amazon EC2 instances for quarantine during a security incident. AWS Systems Manager Agent (SSM Agent) is installed, and a script exists to install and update forensic tools.
Which solution will quarantine EC2 instances during a security incident?
A company uses an incident response team to troubleshoot incidents. The incident response team must use temporary credentials from AWS STS for cross-account IAM role access when troubleshooting. Occasionally, each team member will need to respond to multiple different types of incidents simultaneously. Based on the type of incident, the company wants to dynamically assign minimal permissions to whichever team member responds.
Which solution will meet these requirements?
A company recently experienced a malicious attack on its cloud-based environment. The company successfully contained and eradicated the attack. A security engineer is performing incident response work. The security engineer needs to recover an Amazon RDS database cluster to the last known good version. The database cluster is configured to generate automated backups with a retention period of 14 days. The initial attack occurred 5 days ago at exactly 3:15 PM.
Which solution will meet this requirement?
A security engineer needs to implement a logging solution that captures detailed information about objects in an Amazon S3 bucket. The solution must include details such as the IAM identity that makes the request and the time the object was accessed. The data must be structured and available in near real time.
Which solution meets these requirements?
A security engineer is asked to update an AWS CloudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the security engineer receives the following error message: “There is a problem with the bucket policy.”
What will enable the security engineer to save the change?
A company has a web application that reads from and writes to an Amazon S3 bucket. The company needs to authenticate all S3 API calls with AWS credentials.
Which solution will provide the application with AWS credentials?
A company needs to develop a code-signing application that will use a certificate authority (CA) to sign a code-signing certificate. The solution must use an AWS KMS asymmetric key. The solution needs to collect and store immutable evidence about the creation, origin, and use of the KMS key for compliance purposes. This information must be made available to internal auditors.
Which solution meets these requirements?
