SCS-C02 Leak Questions

AWS Certified Security - Specialty Questions and Answers

Question 109

You have an S3 bucket defined in IAM. You want to ensure that you encrypt the data before sending it across the wire. What is the best way to achieve this.

Please select:

Options:

Enable server side encryption for the S3 bucket. This request will ensure that the data is encrypted first.

Use the IAM Encryption CLI to encrypt the data first

Use a Lambda function to encrypt the data before sending it to the S3 bucket.

Enable client encryption for the bucket

Question 110

The Security Engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances. The application has become the target of increasing numbers of malicious attacks from the Internet.

What steps should the Security Engineer take to check for known vulnerabilities and limit the attack surface? (Choose two.)

Options:

Use AWS Certificate Manager to encrypt all traffic between the client and application servers.

Review the application security groups to ensure that only the necessary ports are open.

Use Elastic Load Balancing to offload Secure Sockets Layer encryption.

Use Amazon Inspector to periodically scan the backend instances.

Use AWS Key Management Services to encrypt all the traffic between the client and application servers.

Question 111

A company runs a cuslom online gaming application. The company uses Amazon Cognito for user authentication and authorization.

A security engineer wants to use AWS to implement fine-grained authorization on resources in the custom application. The security engineer must implement a solution that uses the user attributes that exist in Cognito. The company has already set up a user pool and an identity pool in Cognito.

Which solution will meet these requirements?

Options:

Create a set of 1AM roles and 1AM policies Configure the Cognito identity pool to assign users to the 1AM roles.

Create a policy store in Amazon Verified Permissions. Configure Cognito as the identity source Map Cognito access tokens to the Verified Permissions schema.

Create customer managed permissions by using AWS Resource Access Manager (AWS RAM) Configure the Cognito identity pool to assign users to the customer managed permissions

Create a set of 1AM users and 1AM policies. Configure the Cognito user pool to assign users to the 1AM users.

Question 112

A company uses Amazon API Gateway to present REST APIs to users. An API developer wants to analyze API access patterns without the need to parse the log files.

Which combination of steps will meet these requirements with the LEAST effort? (Select TWO.)

Options:

Configure access logging for the required API stage.

Configure an AWS CloudTrail trail destination for API Gateway events. Configure filters on the userldentity, userAgent, and sourcelPAddress fields.

Configure an Amazon S3 destination for API Gateway logs. Run Amazon Athena queries to analyze API access information.

Use Amazon CloudWatch Logs Insights to analyze API access information.

Select the Enable Detailed CloudWatch Metrics option on the required API stage.

Winter Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

AWS Certified Security - Specialty Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce