SCS-C01 (Page 16)

A company recently began using Amazon Route 53 as its DNS provider.The company must log public DNS queries that Route 53 receives.The company has activated Route 53 public DNS query logging.The queries must be stored in a highly durable storage solution that deletes logs that are older than 1 year.Which solution will meet these requirements MOST cost-effectively?Read More →

A company is migrating its Amazon EC2 based applications to use Instance Metadata Service Version 2 (IMDSv2).A security engineer needs to determine whether any of the EC2 instances are still using Instance Metadata Service Version 1 (IMDSv1).What should the security engineer do to confirm that the IMDSv1 endpoint is no longer being used?Read More →

A company is using an AWS owned CMK in its application to encrypt files in an AWS account.The company’s security team wants to have the ability to change to new key material for new files whenever there is a potential key breach.A security engineer must implement a solution that gives the security team the ability to change the key whenever the team wants to do so.Which solution will meet these requirements?Read More →

A company has several workloads running on AWS.Employees are required to authenticate using on-premises ADFS and SSO to access the AWS ManagementConsole.Developers migrated an existing legacy web application to an Amazon EC2 instance.Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.How should the Security Engineer implement employee-only access to this system without changing the application?Read More →

A company is hosting a set of application, database, and web server instances in the AWS Cloud.Each set of instances has separate security groups.The company has properly defined the network ACLs.The company discovers an issue with the communication between the application and database instances.Which set of steps should a security engineer take to troubleshoot the issue?Read More →

A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager.Which combination of steps is required to ensure availability of the certificate in the CloudFront console? (Choose two.)Read More →

A company has an encrypted Amazon S3 bucket.An Application Developer has an IAM policy that allows access to the S3 bucket, but the Application Developer is unable to access objects within the bucket.What is a possible cause of the issue?Read More →

A company has an AWS WAF web ACL.According to a new compliance requirement, the company must configure comprehensive logging of all web ACL requests.The company has created an Amazon S3 bucket to store the logs.Which combination of steps should the company take next to meet this requirement? (Choose two.)Read More →

A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes.The company is marketing an application and expects that all the application’s users will come from France.When the company launches the application, the company’s security team observes fraudulent sign-ups for the application.Most of the fraudulent registrations are from users outside of France.The security team needs a solution to perform custom validation at sign-up.Based on the results of the validation, the solution must accept or deny the registration request.Which combination of steps will meet these requirements? (Choose two.)Read More →

A company’s policies require that code be validated to ensure that the code has not been altered before invocation.A security engineer needs to update code in an AWS Lambda function.The developer has finalized the code and has stored the code in an Amazon S3 bucket.Which combination of steps should the security engineer take to meet these requirements? (Choose two.)Read More →