Free SCS-C02 Exam Questions - Easiest Way for Success

Prepare for the Amazon SCS-C02 exam questions with our authentic preparation materials, including free SCS-C02 practice exam questions and answers. TheExamsLab provides all the support you need to succeed in the AWS Certified Security Specialty SCS-C02 exam. This dedication to student success is why we have the most satisfied SCS-C02 certification exam candidates worldwide.

Page: 1 / 97

Total 481 Questions | Updated On: Sep 11, 2024

Add To Cart

Question 1

A company has a relational database workload that runs on Amazon Aurora MySQL. According to new compliance standards the company must rotate all database credentials every 30 days. The company needs a solution that maximizes security and minimizes development effort. Which solution will meet these requirements?

A : Store the database credentials in AWS Secrets Manager. Configure automatic credential rotation tor every 30 days.

B : Store the database credentials in AWS Systems Manager Parameter Store. Create an AWS Lambda function to rotate the credentials every 30 days.

C : Store the database credentials in an environment file or in a configuration file. Modify the credentials every 30 days.

D : Store the database credentials in an environment file or in a configuration file. Create an AWS Lambda function to rotate the credentials every 30 days.

Answer: A

Question 2

A company uses Amazon API Gateway to present REST APIs to users. An API developer wants to analyze API access patterns without the need to parse the log files. Which combination of steps will meet these requirements with the LEAST effort? (Select TWO.)

A :

Configure access logging for the required API stage.

B :

Configure an AWS CloudTrail trail destination for API Gateway events. Configure filters on the userldentity, userAgent, and sourcelPAddress fields.

C :

Configure an Amazon S3 destination for API Gateway logs. Run Amazon Athena queries to analyze API access information.

D :

Use Amazon CloudWatch Logs Insights to analyze API access information.

E :

Select the Enable Detailed CloudWatch Metrics option on the required API stage.

Answer: C,D

Question 3

A developer who recently left a company was found to have published many access keys IDs to a public source code repository. A list of the exposed access key IDs has been created. A security engineer needs to quickly identify which users the access key IDs belong to so the credentials can be immediately rotated. The company uses multiple accounts in an AWS Organization.

Which approach should the security engineer take?

A : Generate a credential report in the root account in the Organization. Identify the users the access key IDs belong to. Rotate the access key IDs

B : Generate an IAM Access Analyzer report in each account in the Organization. Consolidate the reports and identify the users the access key IDs belong to. Rotate the access key IDs.

C : Generate a credential report in each account in the Organization. Consolidate the reports and identify the users the access key IDs belong to. Rotate the access key IDs.

D : Generate an IAM Access Analyzer report in the root account in the Organization. Identify the users the access key IDs belong to. Rotate the access key IDs.

Answer: C

Question 4

A developer is attempting to access an Amazon S3 bucket in a member account in AWS Organizations. The developer is logged in to the account with user credentials and has received an access denied error with no bucket listed. The developer should have read-only access to all buckets in the account.

A security engineer has reviewed the permissions and found that the developer's IAM user has been granted read-only access to all S3 buckets in the account.

Which additional steps should the security engineer take to troubleshoot the issue? (Select TWO.)

A : Check for the permissions boundaries set for the IAM user.

B : Check the SCPs set at the organizational units (OUs).

C : Check the ACLs for all S3 buckets.

D : Check if an appropriate IAM role is attached to the IAM user.

E : Check the bucket policies for all S3 buckets.

Answer: A,B

Question 5

A company has multiple accounts in the AWS Cloud. Users in the developer account need to have access to specific resources in the production account. What is the MOST secure way to provide this access?

A :

Create one IAM user in the production account. Grant the appropriate permissions to the resources that are needed. Share the password only with the users that need access.

B :

Create cross-account access with an IAM role in the developer account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

C :

Create cross-account access with an IAM user account in the production account. Grant the appropriate permissions to this user account. Allow users in the developer account to use this user account to access the production resources.

D :

Create cross-account access with an IAM role in the production account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

Answer: D

Page: 1 / 97

Total 481 Questions | Updated On: Sep 11, 2024

Add To Cart