Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 151–160 of 486

Q151

Which service is used to monitor AWS account activity and usage?

  • A AWS CloudTrail
  • B AWS Lambda
  • C AWS IAM
  • D AWS Shield
Explanation: AWS CloudTrail provides logs of account activities; others do not monitor account usage directly.

Q152

A company needs to secure sensitive data in Amazon RDS. Which step should they first take?

  • A Enable IAM roles for the RDS instance.
  • B Use SSL/TLS for database connections.
  • C Encrypt data at rest using KMS.
  • D Deploy Multi-AZ for high availability.
Explanation: Encrypting data at rest is a critical first step; the others are secondary considerations.

Q153

What happens when an S3 bucket policy denies permissions based on IP address?

  • A Access is granted for all IPs.
  • B Only specified IPs are denied access.
  • C Access is denied to IPs not listed.
  • D Bucket becomes publicly inaccessible.
Explanation: When denied by policy, access is blocked for non-specified IPs; others misinterpret the policy's effects.

Q154

Which AWS service provides a scalable domain name system?

  • A Amazon Route 53
  • B Amazon CloudFront
  • C Amazon S3
  • D AWS Lambda
Explanation: Amazon Route 53 is specifically designed for scalable DNS management; the others do not primarily function as DNS services.

Q155

A company needs to control access to S3 buckets so only certain users can read objects. What should they implement?

  • A S3 Bucket Policies
  • B EC2 Instance Roles
  • C IAM User Keys
  • D VPC Endpoint Policies
Explanation: S3 Bucket Policies allow for precise access control to objects, while the others don't directly manage S3 access.

Q156

You are configuring AWS Security Hub. What happens when you enable integration with AWS Lambda?

  • A More secure resource policies
  • B Custom remediation actions
  • C Increased billing costs
  • D Better identity management
Explanation: Integration with AWS Lambda enables custom remediation actions to be triggered; other options do not relate to that integration directly.

Q157

Which AWS service allows you to manage the API lifecycle efficiently?

  • A AWS Lambda
  • B AWS API Gateway
  • C Amazon EC2
  • D Amazon RDS
Explanation: AWS API Gateway is dedicated to managing APIs, while others serve different purposes.

Q158

A company needs to ensure only authorized users access sensitive data. What is the best practice?

  • A Open all access to everyone
  • B Use IAM policies for access control
  • C Disable multi-factor authentication
  • D Share credentials through email
Explanation: Using IAM policies is essential for maintaining fine-grained control over access to resources.

Q159

What happens when a security group is assigned to an EC2 instance?

  • A Network traffic is automatically encrypted
  • B All inbound traffic is denied
  • C Traffic filtering rules apply immediately
  • D Instance gains a public IP address
Explanation: Security group rules take effect as soon as they are assigned to an instance, controlling its traffic flow.

Q160

Which AWS service allows in-transit encryption of data using TLS?

  • A Amazon RDS
  • B Amazon S3
  • C AWS Direct Connect
  • D AWS CloudTrail
Explanation: AWS Direct Connect can utilize TLS for encrypted connections, while others focus on data at rest or logging.