AWS Certified Security Specialty SCS-C01 Part 2 Quiz Format
iam.awslagi, 2020-09-07T13:24:45+07:00
Notes: Hi all, the AWS Certified Security Specialty Practice Exam will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics.
We highly recommend that you take the AWS Certified Security Specialty Guarantee Part because it includes real questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
For PDF Version:
For Audio Version: https://www.youtube.com/playlist?list=PLRfkgcv2GPKOe327kAiJOGC-3CAFp1T8F
Part 1: https://www.awslagi.com/aws-certified-security-specialty-scs-c01-part-1-quiz
Part 2: https://www.awslagi.com/aws-certified-security-specialty-scs-c01-part-2-quiz
SCS-C01-21-40
- Question 1 of 20
1. Question
An organization has a system in AWS that allows a large number of remote workers to submit data files. File sizes vary from a few kilobytes to several megabytes. A recent audit highlighted a concern that data files are not encrypted while in transit over untrusted networks. Which solution would remediate the audit finding while minimizing the effort required?
Hint Answer: C
- Question 2 of 20
2. Question
Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that focus on minimizing the potential scope of data exposed by a possible future key compromise?
Hint Answer: A
- Question 3 of 20
3. Question
A Software Engineer is trying to figure out why network connectivity to an Amazon EC2 instance does not appear to be working correctly. Its security group allows inbound HTTP traffic from 0.0.0.0/0, and the outbound rules have not been modified from the default. A custom network ACL associated with its subnet allows inbound HTTP traffic from 0.0.0.0/0 and has no outbound rules. What would resolve the connectivity issue?
Hint Answer: C
- Question 4 of 20
4. Question
A company’s database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days. After a short period of time, a number of existing applications have failed with authentication errors. What is the MOST likely cause of the authentication errors?
Hint Answer: B
- Question 5 of 20
5. Question
A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separate Availability Zones. Each instance has a public IP address and is able to connect to external hosts on the internet. The two instances are able to communicate with each other by using their private IP addresses, but they are not able to communicate with each other when using their public IP addresses. Which action should the Security Engineer take to allow communication over the public IP addresses?
Hint Answer: D
- Question 6 of 20
6. Question
The Security Engineer is managing a web application that processes highly sensitive personal information. The application runs on Amazon EC2. The application has strict compliance requirements, which instruct that all incoming traffic to the application is protected from common web exploits and that all outgoing traffic from the EC2 instances is restricted to specific whitelisted URLs.
Which architecture should the Security Engineer use to meet these requirements?
Hint Answer: D
- Question 7 of 20
7. Question
A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old. Which of the following options should the Security Engineer use?
Hint Answer: C
- Question 8 of 20
8. Question
The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs. After the switch, some users on older devices are no longer able to connect to the website. What is causing this situation?
Hint Answer: D
- Question 9 of 20
9. Question
A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions. What is the SIMPLEST way to meet these requirements?
Hint Answer: C
- Question 10 of 20
10. Question
A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated. What approach enables the Administrator to search through the logs MOST efficiently?
Hint Answer: C
- Question 11 of 20
11. Question
During a recent security audit, it was discovered that multiple teams in a large organization have placed restricted data in multiple Amazon S3 buckets, and the data may have been exposed. The auditor has requested that the organization identify all possible objects that contain personally identifiable information (PII) and then determine whether this information has been accessed. What solution will allow the Security team to complete this request?
Hint Answer: B
- Question 12 of 20
12. Question
During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times. What could have been done to detect and automatically remediate the incident?
- Question 13 of 20
13. Question
An application has a requirement to be resilient across not only Availability Zones within the application’s primary region but also be available within another region altogether. Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?
Hint Answer: C
- Question 14 of 20
14. Question
An organization policy states that all encryption keys must be automatically rotated every 12 months. Which AWS Key Management Service (KMS) key type should be used to meet this requirement?
Hint Answer: B
- Question 15 of 20
15. Question
A Security Engineer received an AWS Abuse Notice listing EC2 instance IDs that are reportedly abusing other hosts. Which action should the Engineer take based on this situation? (Choose three.)
Hint Answer: B C E
- Question 16 of 20
16. Question
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
Encryption in transit
Encryption at rest
Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)
Hint Answer: A C E
- Question 17 of 20
17. Question
The InfoSec team has mandated that in the future only approved Amazon Machine Images (AMIs) can be used. How can the InfoSec team ensure compliance with this mandate?
Hint Answer: C
- Question 18 of 20
18. Question
A company uses AWS Organizations to manage 50 AWS accounts. The finance staff members log in as AWS IAM users in the FinanceDept AWS account. The staff members need to read the consolidated billing information in the MasterPayer AWS account. They should not be able to view any other resources in the MasterPayer AWS account. IAM access to billing has been enabled in the MasterPayer account.
Which of the following approaches grants the finance staff the permissions they require without granting any unnecessary permissions?
- Question 19 of 20
19. Question
A Software Engineer wrote a customized reporting service that will run on a fleet of Amazon EC2 instances. The company security policy states that application logs for the reporting service must be centrally collected. What is the MOST efficient way to meet these requirements?
- Question 20 of 20
20. Question
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards. Which of the following actions should the Engineer perform to get further guidance?
Hint Answer: B