By:
On:
In: SCS-C01
With: 0 Comments

A company manages three separate AWS accounts for its production, development, and test environments.Each Developer is assigned a unique IAM user under the development account.A new application hosted on an Amazon EC2 instance in the development account requires read access to the archived documents stored in an Amazon S3 bucket in the production account.How should access be granted?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A security engineer has noticed an unusually high amount of traffic coming from a single IP address.This was discovered by analyzing the Application LoadBalancer’s access logs.How can the security engineer limit the number of requests from a specific IP address without blocking the IP address?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company has a new AWS account that does not have AWS CloudTrail configured.The account has an IAM access key that was issued by AWS Security TokenService (AWS STS).A security engineer discovers that the IAM access key has been compromised within the last 24 hours.The security engineer must stop the compromised IAM access key from being used.The security engineer also must determine which activities the key has been used for so far.What should the security engineer do to meet these requirements?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company is using Amazon Route 53 Resolver for its hybrid DNS infrastructure.The company has set up Route 53 Resolver forwarding rules for authoritative domains that are hosted on on-premises DNS servers.A new security mandate requires the company to implement a solution to log and query DNS traffic that goes to the on-premises DNS servers.The logs must show details of the source IP address of the instance from which the query originated.The logs also must show the DNS name that was requested in Route 53 Resolver.Which solution will meet these requirements?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company released a new software-as-a-service (SaaS) application that is receiving significant adoption by end users.The rds-storage-encrypted AWS Config managed rule generates an alert that notifies the company’s security team about a resource that is not compliant.The noncompliant resource is an Amazon RDS for MySQL database that was deployed as part of the newly released application.How can the security team resolve the noncompliance with the LEAST disruption of application availability for the end users?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company has thousands of AWS Lambda functions.While reviewing the Lambda functions, a security engineer discovers that sensitive information is being stored in environment variables and is viewable as plaintext in the Lambda console.The values of the sensitive information are only a few characters long.What is the MOST cost-effective way to address this security issue?Read More →

By:
On:
In: SCS-C01
With: 0 Comments

A company has an application that uses an Amazon RDS PostgreSQL database.The company is developing an application feature that will store sensitive information for an individual in the database.During a security review of the environment, the company discovers that the RDS DB instance is not encrypting data at rest.The company needs a solution that will provide encryption at rest for all the existing data and for any new data that is entered for an individual.Which combination of options can the company use to meet these requirements? (Choose two.)Read More →