Which combination of steps should the security engineer take to meet these requirements?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A security engineer needs to implement an intrusion detection system (IDS) for a shipping company.The findings from the system must generate alerts that can be sent to an email distribution group that the company’s operations team uses.The security engineer must maximize the coverage that the IDS provides.Which combination of steps should the security engineer take to meet these requirements? (Choose two.)Read More →

Which solution will meet these requirements?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A security engineer is evaluating a company’s use of AWS Key Management Service (AWS KMS).The security engineer must implement a hybrid solution with two sets of keys to meet the following requirements:• Set 1: The company needs granular control over the keys so that the company can maintain a copy of the keys in the key management infrastructure and reimport the keys at any time.The company needs the ability to set the expiration period to 3 days for the keys.• Set 2: No restrictions exist regarding immediate key deletion.A waiting period of 14 days is acceptable for keys to be marked deleted.Which solution will meet these requirements?Read More →

Which solutions will resolve this error?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A security engineer recently enabled the me-south-1 Region.The security engineer is now assuming an IAM role and is making an API call to an endpoint in me-south-1.The API call returns the following error: “AuthFailure: AWS was not able to validate the provided access credentials”.Which solutions will resolve this error? (Choose two.)Read More →

Which combination of steps should the security engineer take to troubleshoot this issue?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A company has a group of Amazon EC2 instances in a single private subnet of a VPC with no internet gateway attached.A security engineer has installed the Amazon CloudWatch agent on all instances in that subnet to capture logs from a specific application.To ensure that the logs flow securely, the company’s networking team has created VPC endpoints for CloudWatch monitoring and CloudWatch logs.The networking team has attached the endpoints to the VPC.The application is generating logs.However, when the security engineer queries CloudWatch, the logs do not appear.Which combination of steps should the security engineer take to troubleshoot this issue? (Choose three.)Read More →

What solution should the Engineer use to implement the appropriate access restrictions for the application?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A Security Engineer for a large company is managing a data processing application used by 1,500 subsidiary companies.The parent and subsidiary companies all use AWS.The application uses TCP port 443 and runs on Amazon EC2 behind a Network Load Balancer (NLB).For compliance reasons, the application should only be accessible to the subsidiaries and should not be available on the public internet.To meet the compliance requirements for restricted access, the Engineer has received the public and private CIDR block ranges for each subsidiary.What solution should the Engineer use to implement the appropriate access restrictions for the application?Read More →

While the code of the containers is being patched, how can Engineers quickly identify all compromised hosts and stop the egress of data on port 5353?

2025-10-02
By:
In: SCS-C01
With: 1 Comment

A Security Engineer discovered a vulnerability in an application running on Amazon ECS.The vulnerability allowed attackers to install malicious code.Analysis of the code shows it exfiltrates data on port 5353 in batches at random time intervals.While the code of the containers is being patched, how can Engineers quickly identify all compromised hosts and stop the egress of data on port 5353?Read More →