Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Pass SCS-C03 Exam Guide

Page: 17 / 17
Total 231 questions

AWS Certified Security – Specialty Questions and Answers

Question 65

A company has security requirements for Amazon Aurora MySQL databases regarding encryption, deletion protection, public access, and audit logging. The company needs continuous monitoring and real-time visibility into compliance status.

Which solution will meet these requirements?

Options:

A.

Use AWS Audit Manager with a custom framework.

B.

Enable AWS Config and use managed rules to monitor Aurora MySQL compliance.

C.

Use AWS Security Hub configuration policies.

D.

Use EventBridge and Lambda with custom metrics.

Question 66

A company runs an application outside of AWS. The external application authenticates to AWS as an IAM user. A security engineer needs to migrate the external application to use an IAM role. The company’s human users already use IAM roles with AWS IAM Identity Center.

Which solution will give the external application the ability to use an IAM role?

Options:

A.

Set up the external application as a managed application in IAM Identity Center. Create a new account assignment to generate an IAM role for the external application to use.

B.

Create an AWS Verified Access instance. Set up a trust provider for the external application. Create a Verified Access policy to allow the external application to assume an IAM role.

C.

Use IAM Roles Anywhere. Create a trust anchor and profile on AWS. Set up the credential helper tool in the external application. Configure an IAM role to trust IAM Roles Anywhere.

D.

Enable federation with IAM. Configure SAML 2.0 federation by adding a relying party trust between the external application and AWS. Set up an IAM role for the external application to assume.

Question 67

A company has a compliance requirement to encrypt all data in transit. The company recently discovered an Amazon Aurora cluster that does not meet this requirement.

How can the company enforce encryption for all connections to the Aurora cluster?

Options:

A.

In the Aurora cluster configuration, set therequire_secure_transportDB cluster parameter toON.

B.

Use AWS Directory Service for Microsoft Active Directory to create a user directory and to enforce Kerberos authentication with Aurora.

C.

Configure the Aurora cluster to use AWS Certificate Manager (ACM) to provide encryption certificates.

D.

Create an Amazon RDS proxy. Connect the proxy to the Aurora cluster to enable encryption.

Page: 17 / 17
Total 231 questions