SCS-C01 (Page 12)

A company has implemented AWS WAF and Amazon CloudFront for an application.The application runs on Amazon EC2 instances that are part of an AutoScaling group.The Auto Scaling group is behind an Application Load Balancer (ALB).The AWS WAF web ACL uses an AWS Managed Rules rule group and is associated with the CloudFront distribution.CloudFront receives the request from AWSWAF and the uses the ALB as the distribution’s origin.During a security review, a security engineer discovers that the infrastructure is susceptible to a large, layer 7 DDoS attack.How can the security engineer improve the security at the edge of the solution to defend against this type of attack?Read More →

The security engineer implemented a new vault stock policy for 10TB of data and called initiate-vault-lock 12 hours ago.The audit team identified a typo that is allowing incorrect access to the vault.What is the MOST cost-effective way to correct this?Read More →

A company’s on-premises networks are connected to VPCs using an AWS Direct Connect gateway.The company’s on-premises application needs to stream data using an existing Amazon Kinesis Data Firehose delivery stream.The company’s security policy requires that data be encrypted in transit using a private network.How should the company meet these requirements?Read More →

Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the Internet.The connection either fails to respond or generates the following error message:Network error: Connection timed out.What could be responsible for the connection failure? (Choose three.)Read More →

A Security Engineer has launched multiple Amazon EC2 instances from a private AMI using an AWS CloudFormation template.The Engineer notices instances terminating right after they are launched.What could be causing these terminations?Read More →

A company’s architecture requires that its three Amazon EC2 instances run behind an Application Load Balancer (ALB).The EC2 instances transmit sensitive data between each other.Developers use SSL certificates to encrypt the traffic between the public users and the ALB.However, the Developers are unsure of how to encrypt the data in transit between the ALB and the EC2 instances and the traffic between the EC2 instances.Which combination of activities must the company implement to meet its encryption requirements? (Choose two.)Read More →

A company needs a forensic-logging solution for hundreds of applications running in Docker on Amazon EC2.The solution must perform real-time analytics on the logs, must support the replay of messages, and must persist the logs.Which AWS services should be used to meet these requirements? (Choose two.)Read More →

A Security Engineer is asked to update an AWS CloudTrail log file prefix for an existing trail.When attempting to save the change in the CloudTrail console, theSecurity Engineer receives the following error message: `There is a problem with the bucket policy.`What will enable the Security Engineer to save the change?Read More →

A company recently performed an annual security assessment of its AWS environment.The assessment showed the audit logs are not available beyond 90 days and that unauthorized changes to IAM policies are made without detection.How should a Security Engineer resolve these issues?Read More →

A company uses Microsoft Active Directory for access management for on-premises resources, and wants to use the same mechanism for accessing its AWS accounts.Additionally, the Development team plans to launch a public-facing application for which they need a separate authentication solution.Which combination of the following would satisfy these requirements? (Choose two.)Read More →