CertsTopics Logo

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

AWS Certified Specialty Changed SCS-C02 Questions

Page: 5 / 31
Total 417 questions
Get SCS-C02 Full Access Download SCS-C02 PDF

AWS Certified Security - Specialty Questions and Answers

Question 17

A company finds that one of its Amazon EC2 instances suddenly has a high CPU usage. The company does not know whether the EC2 instance is compromised or whether the operating system is performing background cleanup.

Which combination of steps should a security engineer take before investigating the issue? (Select THREE.)

Options:

A.

Disable termination protection for the EC2 instance if termination protection has not been disabled.

B.

Enable termination protection for the EC2 instance if termination protection has not been enabled.

C.

Take snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to theEC2 instance.

D.

Remove all snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance.

E.

Capture the EC2 instance metadata, and then tag the EC2 instance as under quarantine.

F.

Immediately remove any entries in the EC2 instance metadata that contain sensitive information.

Question 18

You work at a company that makes use of IAM resources. One of the key security policies is to ensure that all data i encrypted both at rest and in transit. Which of the following is one of the right ways to implement this.

Please select:

Options:

A.

Use S3 SSE and use SSL for data in transit

B.

SSL termination on the ELB

C.

Enabling Proxy Protocol

D.

Enabling sticky sessions on your load balancer

Question 19

A company wants to protect its website from man in-the-middle attacks by using Amazon CloudFront. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use the SimpleCORS managed response headers policy.

B.

Use a Lambda@Edge function to add the Strict-Transport-Security response header.

C.

Use the SecurityHeadersPolicy managed response headers policy.

D.

Include the X-XSS-Protection header in a custom response headers policy.

Question 20

Amazon CtoudWatch Logs agent is successfully delivering logs lo the CloudWatch Logs service. However, logs stop being delivered after the associated log stream has been active for a specific number of hours.

What steps are necessary to identify the cause of this phenomenon? (Select TWO.)

Options:

A.

Ensure that file permissions for monitored files that allow the CloudWatch Logs agent to read the file have not been modified

B.

Verify that the OS Log rotation rules are compatible with the configuration requirements for agent streaming.

C.

Configure an Amazon Kinesis producer to first put the logs into Amazon Kinesis Streams.

D.

Create a CloudWatch Logs metric to isolate a value that changes at least once during the period before logging stops.

E.

Use AWS CloudFormation to dynamically create and maintain the configuration file for the CloudWatch Logs agent.

Page: 5 / 31
Total 417 questions
Get SCS-C02 Full Access Download SCS-C02 PDF