Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 91–100 of 486

Q91

Which AWS service helps manage AWS IAM permissions through roles?

  • A AWS Organizations
  • B AWS IAM Roles
  • C AWS Config
  • D AWS CloudTrail
Explanation: AWS IAM Roles enable applications and services to access AWS resources via assumed permissions; the others do not directly manage roles.

Q92

A company needs to allow users access to specific S3 buckets based on their department. What is the best practice?

  • A Use IAM user roles.
  • B Implement S3 bucket policies.
  • C Create multiple AWS accounts.
  • D Apply VPC trends.
Explanation: S3 bucket policies allow granular access control based on user attributes; IAM roles provide broader permissions, and multiple accounts complicate management.

Q93

What happens when a CloudWatch alarm triggers an EC2 Auto Scaling policy?

  • A Instances are shut down.
  • B More instances are launched.
  • C Database is optimized.
  • D Notifications are ignored.
Explanation: Triggering an Auto Scaling policy typically results in launching additional instances; shutting down instances is not guaranteed and the other options don't apply.

Q94

Which AWS service is designed for threat detection and security monitoring?

  • A Amazon GuardDuty
  • B AWS Config
  • C AWS CloudTrail
  • D Amazon Inspector
Explanation: Amazon GuardDuty continuously monitors for threats, while the others focus on compliance or logging.

Q95

A company needs to restrict access to an S3 bucket by IP address. Which feature should they implement?

  • A S3 Lifecycle Policies
  • B S3 Bucket Policy
  • C AWS Lambda Triggers
  • D S3 Versioning
Explanation: S3 Bucket Policies allow IP-based access restrictions, while the others do not focus on access control.

Q96

What happens when a security group is removed from an EC2 instance?

  • A Traffic is automatically denied
  • B Instance is terminated immediately
  • C Instance loses all network connectivity
  • D All inbound rules are still applied
Explanation: Traffic is denied because security groups are stateful firewalls and removing them leaves no rules to allow traffic.

Q97

Which AWS service enables secure file transfer using SFTP?

  • A AWS Transfer for SFTP
  • B AWS DataSync
  • C Amazon S3
  • D AWS Storage Gateway
Explanation: AWS Transfer for SFTP specifically supports secure SFTP file transfers, while the others serve different purposes.

Q98

A company needs an application to securely store secrets and access keys. Which service should they use?

  • A AWS Secrets Manager
  • B AWS Parameter Store
  • C Amazon S3
  • D AWS Config
Explanation: AWS Secrets Manager is designed for securely storing and managing sensitive information, unlike the other options, which serve different functions.

Q99

You are configuring AWS CloudTrail. What happens if you set the log file validation to enabled?

  • A Logs are encrypted automatically
  • B Integrity validation of logs occurs
  • C CloudTrail logs cannot be deleted
  • D You cannot enable more than one trail
Explanation: Enabling log file validation ensures integrity verification of your CloudTrail logs, which is essential for security audits.

Q100

Which service should you use to automatically rotate your AWS access keys and secret keys?

  • A AWS Secrets Manager
  • B AWS IAM
  • C AWS Key Management Service
  • D AWS Config
Explanation: AWS Secrets Manager can automatically manage key rotation, while IAM is for static credentials, KMS for encryption keys, and Config for compliance monitoring.