Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 131–140 of 486

Q131

A company needs to audit IAM permissions usage. What is the best option?

  • A AWS CloudTrail
  • B AWS Config
  • C AWS Organizations
  • D AWS IAM Dashboard
Explanation: AWS CloudTrail records IAM permissions usage; the others do not provide this specific audit capability.

Q132

What happens when an S3 bucket policy denies access to a specific IP range?

  • A Access is granted to all IPs.
  • B Only specific IPs can access it.
  • C Access is denied for specified IP range.
  • D Policy has no effect on access.
Explanation: The Deny statement takes precedence, thus blocking specified IPs; options A and B are incorrect regarding deny policies, and D misinterprets policy enforcement.

Q133

Which AWS service allows you to monitor S3 bucket access logs?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon Inspector
  • D AWS Trusted Advisor
Explanation: CloudTrail tracks API calls, including S3 access logs, while the others serve different purposes.

Q134

A company needs to provide temporary access to AWS resources for third-party developers. What should they implement?

  • A Temporary IAM Roles
  • B Resource Policies
  • C Service Control Policies
  • D Dedicated IAM Users
Explanation: Temporary IAM roles allow for short-term, controlled access, unlike static IAM users.

Q135

What happens when you disable MFA delete on an S3 bucket?

  • A MFA is no longer required for deletes
  • B Access to the bucket is restricted
  • C Versioning is automatically disabled
  • D Object lock becomes mandatory
Explanation: Disabling MFA delete removes that security requirement, while others are not affected.

Q136

Which AWS service automatically scales your EC2 instances?

  • A Auto Scaling
  • B CloudWatch
  • C Elastic Load Balancing
  • D EC2 Instance Connect
Explanation: Auto Scaling adjusts EC2 instance capacity, while others monitor or distribute traffic.

Q137

You are configuring a VPC with multiple subnets. What must you ensure for high availability?

  • A Place all resources in one subnet
  • B Use only public subnets
  • C Distribute instances across multiple Availability Zones
  • D Enable IPv6 only in all subnets
Explanation: Distributing across Availability Zones provides redundancy and fault tolerance; others do not ensure high availability.

Q138

A company needs to log access to its S3 buckets. Which method is most effective?

  • A Enable S3 versioning
  • B Use CloudTrail for S3 APIs
  • C Configure IAM policies
  • D Set up bucket lifecycle policies
Explanation: CloudTrail logs API access, while others manage versions or retention without logging access.

Q139

Which service provides centralized logging in AWS?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon S3
  • D AWS CloudWatch
Explanation: AWS CloudTrail tracks user activity and API usage logs, while the others serve different functions.

Q140

A company needs to encrypt data at rest on Amazon S3. What should they use?

  • A Bucket Policies
  • B Amazon Macie
  • C S3 Server-Side Encryption
  • D IAM Roles
Explanation: S3 Server-Side Encryption directly encrypts objects at rest, while the others are unrelated to data encryption.