Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 171–180 of 486

Q171

What happens when a user attempts to access an AWS resource without the correct permissions?

  • A Access Denied error is shown.
  • B Access is granted as a default.
  • C An AWS administrator is notified.
  • D The request is logged in CloudTrail.
Explanation The user will see an Access Denied error as AWS enforces explicit permissions.
Q172

Which AWS service is primarily used for monitoring and logging resources?

  • A AWS CloudTrail
  • B AWS Elastic Beanstalk
  • C AWS Config
  • D AWS CodePipeline
Explanation CloudTrail logs API calls, while the others serve different purposes.
Q173

A company needs to limit S3 bucket access based on user groups. Which feature should they use?

  • A IAM Policies
  • B S3 Block Public Access
  • C Bucket Lifecycle Policies
  • D AWS Shield
Explanation IAM Policies can grant access controls, not the others effectively.
Q174

What happens when you set an EC2 instance to a 'stop' state?

  • A Data is deleted
  • B Instance retains storage
  • C IP address is static
  • D CPU utilization is maxed
Explanation Stopping an instance retains EBS volumes, while the other options are incorrect.
Q175

Which AWS service provides a managed service for Apache Kafka?

  • A Amazon Managed Streaming for Kafka (MSK)
  • B AWS Elastic Beanstalk
  • C AWS Step Functions
  • D Amazon CloudFront
Explanation Amazon MSK is specifically designed for Kafka, while others serve different purposes.
Q176

A company needs to ensure that only its security team can manage IAM roles. What is the best approach?

  • A Attach a role to the security team
  • B Use tags for IAM permissions
  • C Create an IAM policy with conditions
  • D Enable MFA for all IAM roles
Explanation Creating an IAM policy with conditions restricts role management efficiently to the security team.
Q177

You are configuring an S3 bucket for static website hosting. What happens if you do not set up a public access block?

  • A Website will not load
  • B Objects are private by default
  • C Repository access is disabled
  • D Objects can be accessed publicly
Explanation Without public access block, objects can be publicly accessible unless permissions are strictly defined.
Q178

Which AWS service enables automatic scaling of resources based on load?

  • A Auto Scaling
  • B CloudFormation
  • C Route 53
  • D CloudTrail
Explanation Auto Scaling automatically adjusts resource capacity, while the others serve different functions.
Q179

A company needs to ensure their critical logs are encrypted at rest. Which feature should they enable?

  • A S3 Versioning
  • B S3 Server-Side Encryption
  • C IAM Policies
  • D CloudWatch Alarms
Explanation S3 Server-Side Encryption secures logs at rest, unlike the other options which do not perform encryption.
Q180

You are configuring a VPC with public and private subnets. What happens when you place an EC2 instance in a private subnet?

  • A It has a public IP
  • B It cannot access the Internet
  • C It can connect to a public subnet
  • D It receives incoming public traffic
Explanation EC2 in a private subnet can access the Internet via NAT, while the other statements are inaccurate for this setup.