Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 141–150 of 486

Q141

You are configuring an IAM role for an EC2 instance. What happens if the role is not correctly associated?

  • A Instance runs with full access
  • B All services fail to respond
  • C Instance runs without permissions
  • D Instance logs unauthorized access
Explanation: Without the role, the instance cannot access AWS resources, while the other options suggest incorrect outcomes.

Q142

Which AWS service provides a detailed inventory of S3 objects?

  • A AWS CloudTrail
  • B AWS Config
  • C S3 Inventory
  • D Amazon CloudWatch
Explanation: S3 Inventory is designed specifically for reporting on S3 objects, while the others serve different monitoring or compliance purposes.

Q143

A company needs to ensure that only designated IP addresses can access their AWS resources. What should they implement?

  • A Network ACLs
  • B IAM Policies
  • C Security Groups
  • D Route 53
Explanation: Network ACLs are the correct choice for controlling access by IP address, while IAM policies and Security Groups are used for different access control layers.

Q144

You are configuring an AWS IAM role to allow an EC2 instance to access an S3 bucket. What is required to enable this access?

  • A S3 Bucket Policy alone
  • B IAM Role attached to EC2
  • C IAM User credentials
  • D Public Access Settings
Explanation: The IAM Role must be attached to the EC2 instance to authorize it to access the S3 bucket, while the other options do not fulfill this requirement properly.

Q145

Which service enables encryption for data at rest in S3?

  • A S3 Server-Side Encryption
  • B S3 Transfer Acceleration
  • C IAM Roles
  • D AWS Shield
Explanation: S3 Server-Side Encryption provides encryption for data at rest, whereas the other options serve different purposes.

Q146

A company needs to enforce multi-factor authentication (MFA) for all users accessing the AWS Management Console. What should they implement?

  • A IAM Policies only
  • B MFA devices with IAM Users
  • C AWS Organizations service access
  • D Single Sign-On authentication
Explanation: MFA devices are specifically designed for enhancing security for IAM users, unlike the other options.

Q147

You are configuring an Amazon RDS instance. What happens if you don't create a backup before deleting an instance?

  • A You can restore from point-in-time
  • B Data is permanently lost
  • C Instance will be archived
  • D Deletion can be undone later
Explanation: Without a backup, data is permanently lost; only point-in-time backups allow for restores.

Q148

Which AWS service helps prevent DDoS attacks?

  • A AWS Shield
  • B AWS Trusted Advisor
  • C AWS IAM
  • D AWS Inspector
Explanation: AWS Shield specializes in DDoS protection while the others focus on different areas.

Q149

A company needs to share sensitive data with external partners securely. Which AWS service is best suited for this?

  • A AWS S3 Bucket Policies
  • B AWS KMS
  • C AWS Transfer Family
  • D AWS CloudTrail
Explanation: AWS Transfer Family is designed for secure file transfers to partners, while the others do not specifically address data sharing needs.

Q150

What happens when an IAM user's permissions are assigned directly to another user instead of using IAM groups?

  • A Permissions stack regardless
  • B Permissions are inherited
  • C No permissions granted
  • D Permissions must be managed individually
Explanation: Managing permissions individually can lead to increased administrative overhead compared to using IAM groups for simplification.