SCS-C01 (Page 30)

A Security Analyst attempted to troubleshoot the monitoring of suspicious security group changes.The Analyst was told that there is an Amazon CloudWatch alarm in place for these AWS CloudTrail log events.The Analyst tested the monitoring setup by making a configuration change to the security group but did not receive any alerts.Which of the following troubleshooting steps should the Analyst perform?Read More →

An application has been built with Amazon EC2 instances that retrieve messages from Amazon SQS.Recently, IAM changes were made and the instances can no longer retrieve messages.What actions should be taken to troubleshoot the issue while maintaining least privilege? (Choose two.)Read More →

A security alert has been raised for an Amazon EC2 instance in a customer account that is exhibiting strange behavior.The Security Engineer must first isolate theEC2 instance and then use tools for further investigation.What should the Security Engineer use to isolate and research this event? (Choose three.)Read More →

A company recently set up Amazon GuardDuty and is receiving a high number of findings from IP addresses within the company.A security engineer has verified that these IP addresses are trusted and allowed.Which combination of steps should the security engineer take to configure GuardDuty so that it does not produce findings for these IP addresses? (Choose two.)Read More →

A company is running batch workloads that use containers on Amazon Elastic Container Service (Amazon ECS).The company needs a secure solution for storing API keys that are required for integration with external services.The company’s security policy states that API keys must not be stored or transmitted in plaintext.The company’s IT team currently rotates the API keys manually.A security engineer must recommend a solution that meets the security requirements and automates the rotation of the API keysWhich solution should the security engineer recommend?Read More →

A security team is working on a solution that will use Amazon EventBridge (Amazon CloudWatch Events) to monitor new Amazon S3 objects.The solution will monitor for public access and for changes to any S3 bucket policy or setting that result in public access.The security team configures EventBridge to watch for specific API calls that are logged from AWS CloudTrail.EventBridge has an action to send an email notification through Amazon Simple Notification Service (Amazon SNS) to the security team immediately with details of the API call.Specifically, the security team wants EventBridge to watch for the s3:PutObjectAcl, s3:DeleteBucketPolicy, and s3:PutBucketPolicy API invocation logs from CloudTrail.While developing the solution in a single account, the security team discovers that the s3:PutObjectAcl API call does not invoke an EventBridge event.However, the s3:DeleteBucketPolicy API call and the s3:PutBucketPolicy API call do invoke an event.The security team has enabled CloudTrail for AWS management events with a basic configuration in the AWS Region in which EventBridge is being tested.Verification of the EventBridge event pattern indicates that the pattern is set up correctly.The security team must implement a solution so that the s3:PutObjectAcl API call will invoke an EventBridge event.The solution must not generate false notifications.Which solution will meet these requirements?Read More →

A company uses Amazon GuardDuty to detect threats and malicious activities in AWS accounts.The company has subscribed to a third-party threat intelligence list uploaded to an Amazon S3 bucket.How should the security engineer efficiently use the threat list across all company AWS accounts?Read More →

A company’s engineering team is developing a new application that creates AWS Key Management Service (AWS KMS) CMK grants for users.Immediately after a grant is created, users must be able to use the CMK to encrypt a 512-byte payload.During load testing, a bug appears intermittently whereAccessDeniedExceptions are occasionally triggered when a user first attempts to encrypt using the CMK.Which solution should the company’s security specialist recommend?Read More →

A company uses AWS Organizations to manage a small number of AWS accounts.However, the company plans to add 1,000 more accounts soon.The company allows only a centralized security team to create IAM roles for all AWS accounts and teams.Application teams submit requests for IAM roles to the security team.The security team has a backlog of IAM role requests and cannot review and provision the IAM roles quickly.The security team must create a process that will allow application teams to provision their own IAM roles.The process must also limit the scope of IAM roles and prevent privilege escalation.Which solution will meet these requirements with the LEAST operational overhead?Read More →

A company wants to gain better control of its large number of AWS accounts by establishing a centralized location where the accounts can be managed.The company also wants to prevent any users outside the company-owned AWS accounts from accessing a company Amazon S3 bucket.Which solution meets these requirements with the LEAST amount of operational overhead?Read More →