SCS-C01 (Page 19)

A company is using an organization in AWS Organizations that contains 100 accounts.The company has configured trusted access for Amazon GuardDuty to AWS Organizations within the management account.The company has designated a member account to be the GuardDuty administrator for the organization.GuardDuty is working properly and reports findings for the organization in the GaurdDuty console.The company wants a SecOps team to receive real-time email alerts from any GuardDuty finding within the organization that is high severity according the GuardDuty severity levels.Which solution will meet these requirements?Read More →

A security engineer has been tasked with implementing a solution that allows the company’s development team to have interactive command line access toAmazon EC2 Linux instances using the AWS Management Console.Which steps should the security engineer take to satisfy this requirement maintaining least privilege?Read More →

A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times.During a security incident, EBS snapshots of suspicious instances are shared to a forensics account for analysis.A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error:`Unable to share snapshot.An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared`Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)Read More →

A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times.During a security incident, a security engineer attempts to share a snapshot of a suspicious EBS volume to the company’s forensics account for analysis.The security engineer receives the following error:”Unable to share snapshot: An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared.”Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)Read More →

A company has a large number of Amazon S3 buckets and a large number of objects in each S3 bucket.The company’s security team wants to analyze the access patterns for the objects and buckets.These patterns include the most frequently accessed buckets and objects, the largest 100 objects downloaded, and the objects with the longest download time from public IP addresses.The security team wants to view this information in a dashboard that is based on predetermined simple SQL queries.Which combination of AWS services and features should a security engineer use to provide and display the information to the security team? (Choose three.)Read More →

A Security Engineer is defining the logging solution for a newly developed product.Systems Administrators and Developers need to have appropriate access to event log files in AWS CloudTrail to support and troubleshoot the product.Which combination of controls should be used to protect against tampering with and unauthorized access to log files? (Choose two.)Read More →

A Security Architect is evaluating managed solutions for storage of encryption keys.The requirements are:-Storage is accessible by using only VPCs.-Service has tamper-evident controls.-Access logging is enabled.-Storage has high availability.Which of the following services meets these requirements?Read More →

In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket.There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly.What must be done to prevent users from accessing the S3 objects directly by using URLs?Read More →

A security engineer is attempting to push a Linux-based container image to an Amazon Elastic Container Registry (Amazon ECR) repository that is in the us-east-1 Region.The security engineer has retrieved an authentication token by using the aws ecr get-login-password AWS CLI command within the last 4 hours.The security engineer has confirmed that the correct permissions are in place to push the container image to the repository.When the security engineer tries to push the container image, the security engineer receives the following error: “no basic auth credentials”.What should the security engineer do to resolve this error?Read More →

A pharmaceutical company has digitized versions of historical prescriptions stored on premises.The company would like to move these prescriptions to AWS and perform analytics on the data in them.Any operation with this data requires that the data be encrypted in transit and at rest.Which application flow would meet the data protection requirements on AWS?Read More →