Free SCS-C02 Practice Exam Questions Online

Why Amazon SCS-C02 Practice Exam Questions?

Ready to level up your Amazon SCS-C02 exam study? Just TheExamsLab SCS-C02 practice tests free.

SCS-C02 exam questions are expertly crafted practice tests designed to simulate the real Amazon certification exam environment and help you assess your knowledge and figure out where you are lacking. From our free AWS Certified Security Specialty SCS-C02 practice exam, you will feel secure in passing any question type or time limit. TheExamsLab offers the SCS-C02 exam questions 2024. Don’t settle or do it half-heartedly get the best and invest in the best what you want is what you get.

Page: 1 / 97

Total 481 Questions | Updated On: Nov 20, 2024

Add To Cart

Question 1

A security engineer is tasked with securing the network access for an application that uses an AWS Lambda function and an Amazon RDS database. The Lambda function and database both run in the same AWS account.

Which network configuration is the MOST secure?

A : Create an interface VPC endpoint for Lambda and update a private subnet route table to point to the endpoint. Update the DB to connect to the private subnet and access the Lambda function. Use endpoint policies to secure network access between the function and DB instance

B : Attach an Elastic IP to the Lambda function. Attach a security group to the function that allows outbound access to the DB security group. Update the DB instance security group to allow traffic from the Lambda security group.

C : Connect the Lambda function to a public subnet within the VPC. Attach a security group to the function that allows outbound access to the DB security group only. Update the DB instance security group to allow traffic from the Lambda public address space.

D : Connect the Lambda function to a private subnet within the VPC. Attach a security group to the function that allows outbound access to the VPC CIDR block only. Update the DB instance security group to allow traffic from the Lambda security group.

Answer: D

Question 2

You have an S3 bucket defined in IAM. You want to ensure that you encrypt the data before sending it across the wire. What is the best way to achieve this. Please select:

A :

Enable server side encryption for the S3 bucket. This request will ensure that the data is encrypted first.

B :

Use the IAM Encryption CLI to encrypt the data first

C :

Use a Lambda function to encrypt the data before sending it to the S3 bucket.

D :

Enable client encryption for the bucket

Answer: B

Question 3

A business is developing a cloud-native application on AWS and has selected AWS CodeBuild for automating the process of building, testing, and packaging their software code. To meet their security requirements, the company needs to ensure that all CodeBuild API operations executed within the VPC do not traverse the public internet.

What should a security engineer do to meet this requirement?

A : Establish a connection to the VPC using AWS Direct Connect.

B : Deploy an interface VPC endpoint for CodeBuild API operations.

C : Implement a gateway VPC endpoint for CodeBuild API operations.

D : Launch a NAT gateway in a public subnet in the VPC.

Answer: B

Question 4

A company has two AWS accounts. One account is for development workloads. The other account is for production workloads. For compliance reasons the production account contains all the AWS Key Management. Service (AWS KMS) keys that the company uses for encryption. The company applies an IAM role to an AWS Lambda function in the development account to allow secure access to AWS resources. The Lambda function must access a specific KMS customer managed key that exists in the production account to encrypt the Lambda function's data. Which combination of steps should a security engineer take to meet these requirements? (Select TWO.)

A :

Configure the key policy for the customer managed key in the production account to allow access to the Lambda service.

B :

Configure the key policy for the customer managed key in the production account to allow access to the IAM role of the Lambda function in the development account.

C :

Configure a new IAM policy in the production account with permissions to use the customer managed key. Apply the IAM policy to the IAM role that the Lambda function in the development account uses.

D :

Configure a new key policy in the development account with permissions to use the customer managed key. Apply the key policy to the IAM role that the Lambda function in the development account uses.

E :

Configure the IAM role for the Lambda function in the development account by attaching an IAM policy that allows access to the customer managed key in the production account.

Answer: B,E

Question 5

A corporation is preparing to acquire several companies. A Security Engineer must design a solution to ensure that newly acquired IAM accounts follow the corporation's security best practices. The solution should monitor each Amazon S3 bucket for unrestricted public write access and use IAM managed services. What should the Security Engineer do to meet these requirements?

A :

Configure Amazon Macie to continuously check the configuration of all S3 buckets.

B :

Enable IAM Config to check the configuration of each S3 bucket.

C :

Set up IAM Systems Manager to monitor S3 bucket policies for public write access.

D :

Configure an Amazon EC2 instance to have an IAM role and a cron job that checks the status of all S3 buckets.

Answer: C

Page: 1 / 97

Total 481 Questions | Updated On: Nov 20, 2024

Add To Cart