Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 121–130 of 486

Q121

Which AWS service enables users to manage IAM identities and policies centrally?

  • A AWS IAM
  • B AWS Organizations
  • C AWS Config
  • D AWS CloudTrail
Explanation: AWS Organizations allows for central management of accounts and IAM policies, whereas IAM is for identity management for a single account.

Q122

A company needs to comply with GDPR. Which AWS service can help identify and classify data?

  • A AWS Trusted Advisor
  • B AWS Macie
  • C AWS Inspector
  • D Amazon GuardDuty
Explanation: AWS Macie automates data discovery and classification for compliance, unlike the other options which focus on security or performance.

Q123

You are configuring an S3 bucket with versioning. What happens when an object is deleted?

  • A Object is permanently deleted.
  • B Delete marker is created.
  • C All versions are inaccessible.
  • D Data is archived in Glacier.
Explanation: When versioning is enabled, deleting an object creates a delete marker, allowing access to previous versions.

Q124

Which AWS service enables you to manage secrets securely?

  • A AWS Secrets Manager
  • B AWS S3
  • C AWS IAM
  • D AWS EC2
Explanation: AWS Secrets Manager is designed for managing secrets, while the others serve different purposes.

Q125

A company needs to allow secure access to its data on S3 but must prevent public data exposure. What feature should they implement?

  • A IAM Policies
  • B VPC Endpoint
  • C S3 Bucket Policies
  • D CloudTrail Logs
Explanation: S3 Bucket Policies can restrict access while ensuring security against public exposure.

Q126

You are configuring a Lambda function with access to DynamoDB. What happens if IAM policies incorrectly deny access to DynamoDB?

  • A Lambda function fails to execute.
  • B Lambda runs but with limited functionality.
  • C DynamoDB is completely unaffected.
  • D Service reverts to default settings.
Explanation: If IAM policies deny DynamoDB access, the Lambda function will fail due to insufficient permissions.

Q127

Which service provides DDoS protection for AWS applications?

  • A AWS Shield
  • B Amazon GuardDuty
  • C AWS WAF
  • D Amazon Inspector
Explanation: AWS Shield is specifically designed for DDoS protection; others target different security aspects.

Q128

A company needs to audit IAM user activities in real-time. Which service should it use?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon Inspector
  • D AWS Lambda
Explanation: AWS CloudTrail records API calls to help audit IAM activity; others focus on resource configurations or security assessments.

Q129

What happens when an S3 bucket policy denies access to a specific AWS principal?

  • A Access granted if public
  • B Access denied regardless of other policies
  • C Access granted only for AWS services
  • D Access denied unless trusted role is used
Explanation: A deny in a policy takes precedence over any allow, regardless of other policies.

Q130

Which AWS service provides DDoS protection?

  • A AWS Shield
  • B AWS Inspector
  • C AWS WAF
  • D AWS Config
Explanation: AWS Shield is specifically designed for DDoS protection; the others serve different security functions.