CertsTopics Logo

Winter Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Amazon Web Services SCS-C02 Exam With Confidence Using Practice Dumps

Exam Code:
SCS-C02
Exam Name:
AWS Certified Security - Specialty
Certification:
AWS Certified Specialty
Vendor:
Amazon Web Services
Questions:
467
Last Updated:
Feb 4, 2026
Exam Status:
Stable
Amazon Web Services SCS-C02

SCS-C02: AWS Certified Specialty Exam 2025 Study Guide Pdf and Test Engine

Are you worried about passing the Amazon Web Services SCS-C02 (AWS Certified Security - Specialty) exam? Download the most recent Amazon Web Services SCS-C02 braindumps with answers that are 100% real. After downloading the Amazon Web Services SCS-C02 exam dumps training , you can receive 99 days of free updates, making this website one of the best options to save additional money. In order to help you prepare for the Amazon Web Services SCS-C02 exam questions and verified answers by IT certified experts, CertsTopics has put together a complete collection of dumps questions and answers. To help you prepare and pass the Amazon Web Services SCS-C02 exam on your first attempt, we have compiled actual exam questions and their answers. 

Our (AWS Certified Security - Specialty) Study Materials are designed to meet the needs of thousands of candidates globally. A free sample of the CompTIA SCS-C02 test is available at CertsTopics. Before purchasing it, you can also see the Amazon Web Services SCS-C02 practice exam demo.

Get SCS-C02 Full Access

Related Amazon Web Services Exams

AWS Certified Security - Specialty Questions and Answers

Get Free SCS-C02 Questions and Answers
Question 1

A security engineer is investigating a malware infection that has spread across a set of Amazon EC2 instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and control hosts on the internet.

The security engineer creates a network ACL rule that denies the identified outbound traffic. The security engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify any EC2 instances that are trying to communtcate on TCP port 2905.

Which solution will identify the affected EC2 instances with the LEAST operational effort?

Options:

A.

Create a Network Access Scope in Amazon VPC Network Access Analyzer. Use the Network Access Scope to identify EC2 instances that try to send traffic to TCP port 2905.

B.

Enable VPC flow logs for the VPC where the affected EC2 instances are located Configure the flow logs to capture rejected traffic. In the flow logs, search for REJECT records that have a destination TCP port of 2905.

C.

Enable Amazon GuardDuty Create a custom GuardDuty IP list to create a finding when an EC2 instance tries to communicate with one of the command and control hosts. Use Amazon Detective to identify the EC2 instances that initiate the communication.

D.

Create a firewall in AWS Network Firewall. Attach the firewall to the subnet of the EC2 instances. Create a custom rule to identify and log traffic from the firewall on TCP port 2905. Create an Amazon CloudWatch Logs metric filter to identify firewall logs that reference traffic on TCP port 2905.

Buy Now
Question 2

A company uses AWS Lambda as part of an online game. The company needs to scan all existing and new Lambda functions for code vulnerabilities.

Which solution will meet these requirements?

Options:

A.

Copy all the Lambda code into Amazon S3. Use Amazon Macie to scan the code.

B.

Enable Amazon Inspector. Activate Lambda standard scanning and Lambda code scanning in Amazon Inspector.

C.

Enable Amazon GuardDuty and AWS Security Hub. Review the findings in Security Hub that are labeled as critical.

D.

Enable Amazon GuardDuty. Enable Lambda Protection in GuardDuty.

Question 3

A company has several workloads running on AWS. Employees are required to authenticate using on-premises ADFS and SSO to access the AWS Management

Console. Developers migrated an existing legacy web application to an Amazon EC2 instance. Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.

How should the Security Engineer implement employee-only access to this system without changing the application?

Options:

A.

Place the application behind an Application Load Balancer (ALB). Use Amazon Cognito as authentication for the ALB. Define a SAML-based Amazon Cognito user pool and connect it to ADFS.

B.

Implement AWS SSO in the master account and link it to ADFS as an identity provider. Define the EC2 instance as a managed resource, then apply an IAM policy on the resource.

C.

Define an Amazon Cognito identity pool, then install the connector on the Active Directory server. Use the Amazon Cognito SDK on the application instance to authenticate the employees using their Active Directory user names and passwords.

D.

Create an AWS Lambda custom authorizer as the authenticator for a reverse proxy on Amazon EC2. Ensure the security group on Amazon EC2 only allows access from the Lambda function.

Get Free SCS-C02 Questions and Answers