By:
On:
In: SCS-C01
With: 0 Comments

A company uses AWS Organizations to manage 20 AWS accounts.The company has a new requirement to enforce IAM access key rotation every 90 days.Currently, the company uses the access keys to connect to Amazon EC2 instances.The company uses the organization’s management account to manage the IAM users of all the accounts.A security administrator needs to develop a solution for the key rotation.Which solution will meet these requirements?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company uses Amazon Route 53 to create a public DNS zone for the domain example.com in Account A.The company creates another public DNS zone for the subdomain dev.example.com in Account B.A security engineer creates a wildcard certificate (*.dev.example.com) with DNS validation by using AWS Certificate Manager (ACM).The security engineer validates that the corresponding CNAME records have been created in the zone for dev.example.com in Account B.After all these operations are completed, the certificate status is still pending validation.What should the security engineer do to resolve this issue?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain.The subdomain is already registered with Amazon Route 53.A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK).When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.What should the security engineer do to resolve this error?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company has decided to use AWS Key Management Service (AWS KMS) for all of its encryption keys.The company plans to create all of its keys as customer managed CMKs and will not import any encryption keys.The company must rotate its encryption keys once every 12 months.Which solution will meet these requirements?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company uses SAML federation with AWS Identity and Access Management (IAM) to provide internal users with SSO for their AWS accounts.The company’s identity provider certificate was rotated as part of its normal lifecycle.Shortly after, users started receiving the following error when attempting to log in:”Error: Response Signature Invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken)”A security engineer needs to address the immediate issue and ensure that it will not occur again.Which combination of steps should the security engineer take to accomplish this? (Choose two.)Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company has hundreds of AWS accounts, and a centralized Amazon S3 bucket used to collect AWS CloudTrail logs for all of these accounts.A SecurityEngineer wants to create a solution that will enable the company to run ad hoc queries against its CloudTrail logs dating back 3 years from when the trails were first enabled in the company’s AWS account.How should the company accomplish this with the least amount of administrative overhead?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A DevOps team is planning to deploy a containerized application on Amazon Elastic Container Service (Amazon ECS).The team will use an Application Load Balancer (ALB) to distribute the incoming traffic for the ECS application.A security engineer needs to terminate the TLS traffic at the ALB to ensure security of data in transit.Which solutions can the security engineer use to create a certificate and deploy the certificate at the ALB to meet these requirements? (Choose two.)Read More →