Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Note! Following SCS-C01 Exam is Retired now. Please select the alternative replacement for your Exam Certification. The new exam code is SCS-C02

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Certification Exams with Helpful Questions And Answers

AWS Certified Security - Specialty Questions and Answers

Question 1

There are currently multiple applications hosted in a VPC. During monitoring it has been noticed that multiple port scans are coming in from a specific IP Address block. The internal security team has requested that all offending IP Addresses be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP Address's.

Please select:

Options:

A.

Create an AD policy to modify the Windows Firewall settings on all hosts in the VPC to deny access from the IP Address block.

B.

Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP Address block.

C.

Add a rule to all of the VPC Security Groups to deny access from the IP Address block.

D.

Modify the Windows Firewall settings on all AMI'S that your organization uses in that VPC to deny access from the IP address block.

Buy Now
Question 2

A company hosts data in S3. There is now a mandate that going forward all data in the S3 bucket needs to encrypt at rest. How can this be achieved?

Please select:

Options:

A.

Use IAM Access keys to encrypt the data

B.

Use SSL certificates to encrypt the data

C.

Enable server side encryption on the S3 bucket

D.

Enable MFA on the S3 bucket

Question 3

You have just developed a new mobile application that handles analytics workloads on large scale datasets that are stored on Amazon Redshift. Consequently, the application needs to access Amazon Redshift tables. Which of the belov methods would be the best both practically and security-wise, to access the tables? Choose the correct answer from the options below

Please select:

Options:

A.

Create an IAM user and generate encryption keys for that user. Create a policy for Redshift read-only access. Embed th keys in the application.

B.

Create an HSM client certificate in Redshift and authenticate using this certificate.

C.

Create a Redshift read-only access policy in IAM and embed those credentials in the application.

D.

Use roles that allow a web identity federated user to assume a role that allows access to the Redshift table by providing temporary credentials.