AWS Certified Specialty SCS-C02 Updated Exam

AWS Certified Security - Specialty Questions and Answers

Question 13

A company wants to ensure that its IAM resources can be launched only in the us-east-1 and us-west-2 Regions.

What is the MOST operationally efficient solution that will prevent developers from launching Amazon EC2 instances in other Regions?

Options:

Enable Amazon GuardDuty in all Regions. Create alerts to detect unauthorized activity outside us-east-1 and us-west-2.

Use an organization in IAM Organizations. Attach an SCP that allows all actions when the IAM: Requested Region condition key is either us-east-1 or us-west-2. Delete the FullIAMAccess policy.

Provision EC2 resources by using IAM Cloud Formation templates through IAM CodePipeline. Allow only the values of us-east-1 and us-west-2 in the IAM CloudFormation template's parameters.

Create an IAM Config rule to prevent unauthorized activity outside us-east-1 and us-west-2.

Question 14

A company has an application that uses dozens of Amazon DynamoDB tables to store data. Auditors find that the tables do not comply with the company's data protection policy.

The company's retention policy states that all data must be backed up twice each month: once at midnight on the 15th day of the month and again at midnight on the 25th day of the month. The company must retain the backups for 3 months.

Which combination of steps should a security engineer take to meet these re-quirements? (Select TWO.)

Options:

Use the DynamoDB on-demand backup capability to create a backup plan. Con-figure a lifecycle policy to expire backups after 3 months.

Use AWS DataSync to create a backup plan. Add a backup rule that includes a retention period of 3 months.

Use AVVS Backup to create a backup plan. Add a backup rule that includes a retention period of 3 months.

Set the backup frequency by using a cron schedule expression. Assign each DynamoDB table to the backup plan.

Set the backup frequency by using a rate schedule expression. Assign each DynamoDB table to the backup plan.

Question 15

Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE )

Options:

Default AWS Certificate Manager certificate

Custom SSL certificate stored in AWS KMS

Default CloudFront certificate

Custom SSL certificate stored in AWS Certificate Manager

Default SSL certificate stored in AWS Secrets Manager

Custom SSL certificate stored in AWS IAM

Question 16

A company has multiple accounts in the AWS Cloud. Users in the developer account need to have access to specific resources in the production account.

What is the MOST secure way to provide this access?

Options:

Create one IAM user in the production account. Grant the appropriate permissions to the resources that are needed. Share the password only with the users that need access.

Create cross-account access with an IAM role in the developer account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

Create cross-account access with an IAM user account in the production account. Grant the appropriate permissions to this user account. Allow users in the developer account to use this user account to access the production resources.

Create cross-account access with an IAM role in the production account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

Weekend Sale Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

AWS Certified Specialty SCS-C02 Updated Exam

AWS Certified Security - Specialty Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: