Amazon Web Services Related Exams
SCS-C02 Exam
Key domains include:
Incident Response
Logging and Monitoring
Infrastructure Security
Identity and Access Management
Data Protection
Secure Design and Implementation
The SCS-C02 certification is all about protecting AWS environments—think encryption, access control, threat detection, and compliance. On the other hand, the ANS-C01 certification dives deep into network architecture—including hybrid setups, routing protocols, and secure connectivity.
A company has AWS accounts that are in an organization in AWS Organizations. An Amazon S3 bucket in one of the accounts is publicly accessible.
A security engineer must change the configuration so that the S3 bucket is no longer publicly accessible. The security engineer also must ensure that the S3 bucket cannot be made publicly accessible in the future.
Which solution will meet these requirements?
A company has an application on Amazon EC2 instances that store confidential customer data. The company must restrict access to customer data. A security engineer requires secure access to the instances that host the application. According to company policy, users must not open any inbound ports, maintain bastion hosts, or manage SSH keys for the EC2 instances.
The security engineer wants lo monitor, store, and access all session activity logs. The logs must be encrypted.
Which solution will meet these requirements?
A company has an AWS Key Management Service (AWS KMS) customer managed key with imported key material Company policy requires all encryption keys to be rotated every year
What should a security engineer do to meet this requirement for this customer managed key?