Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Note! Following SCS-C01 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is SCS-C02

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

AWS Certified Security - Specialty Questions and Answers

Question 1

A security engineer need to ensure their company’s uses of IAM meets IAM security best practices. As part of this, the IAM account root user must not be used for daily work. The root user must be monitored for use, and the Security team must be alerted as quickly as possible if the root user is used.

Which solution meets these requirements?

Options:

A.

Set up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification.

B.

Set up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification logs from S3 and generate notifications using Amazon SNS.

C.

Set up a rule in IAM config to trigger root user events. Trigger an IAM Lambda function and generate notifications using Amazon SNS.

D.

Use Amazon Inspector to monitor the usage of the root user and generate notifications using Amazon SNS

Buy Now
Question 2

A security engineer recently rotated the host keys for an Amazon EC2 instance. The security engineer is trying to access the EC2 instance by using the EC2 Instance. Connect feature. However, the security engineer receives an error (or failed host key validation. Before the rotation of the host keys EC2 Instance Connect worked correctly with this EC2 instance.

What should the security engineer do to resolve this error?

Options:

A.

Import the key material into AWS Key Management Service (AWS KMS).

B.

Manually upload the new host key to the AWS trusted host keys database.

C.

Ensure that the AmazonSSMManagedInstanceCore policy is attached to the EC2 instance profile.

D.

Create a new SSH key pair for the EC2 instance.

Question 3

A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separate Availability Zones. Each instance has a public IP address and is able to connect to external hosts on the internet. The two instances are able to communicate with each other by using their private IP addresses, but they are not able to communicate with each other when using their public IP addresses.

Which action should the Security Engineer take to allow communication over the public IP addresses?

Options:

A.

Associate the instances to the same security groups.

B.

Add 0.0.0.0/0 to the egress rules of the instance security groups.

C.

Add the instance IDs to the ingress rules of the instance security groups.

D.

Add the public IP addresses to the ingress rules of the instance security groups.