Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 181–190 of 486

Q181

Which service provides automated security assessments for applications deployed on AWS?

  • A AWS Inspector
  • B AWS Shield
  • C AWS Firewall Manager
  • D AWS CloudTrail
Explanation: AWS Inspector performs automated assessments, while the others focus on DDoS protection or logging.

Q182

A company needs to ensure that only authorized users can access sensitive S3 buckets. What feature should they implement?

  • A S3 Bucket Policy
  • B S3 Lifecycle Policy
  • C S3 Versioning
  • D S3 Event Notifications
Explanation: S3 Bucket Policies control access permissions, while the others manage lifecycle, versioning, and event notifications.

Q183

What happens when you detach an IAM policy from a user?

  • A User immediately loses all permissions.
  • B User retains permissions from other policies.
  • C User can still use console access.
  • D User is locked out of AWS account.
Explanation: Detaching a policy removes specific permissions, but others may still be applicable from different policies.

Q184

Which AWS service allows you to centrally manage access across AWS services?

  • A AWS IAM
  • B AWS Config
  • C AWS Shield
  • D AWS WAF
Explanation: AWS IAM is designed for centralized access management, while the others focus on configuration, DDoS protection, or web application firewall services.

Q185

A company needs to enforce security compliance for temporary access to AWS resources. What solution is most appropriate?

  • A AWS Roles
  • B AWS Organizations
  • C AWS Identity Federation
  • D IAM Policies
Explanation: AWS Roles facilitate temporary access through role assumption, while the other options focus on broader management and policy aspects.

Q186

You are configuring a VPC endpoint for S3 and find that your application still cannot access S3. What is the most likely reason?

  • A Incorrect VPC route table configuration
  • B S3 bucket not public
  • C VPC endpoint policy issues
  • D IAM user lacks permissions
Explanation: VPC endpoint policy issues can prevent access to S3, whereas the other options do not directly relate to VPC endpoint functionality.

Q187

Which AWS service provides real-time threat detection?

  • A AWS GuardDuty
  • B AWS Config
  • C Amazon CloudWatch
  • D AWS Inspector
Explanation: AWS GuardDuty detects threats through continuous monitoring, while others focus on compliance or performance.

Q188

A company needs to manage user permissions. Which approach should they use?

  • A IAM Policies
  • B CloudTrail Logs
  • C EC2 Security Groups
  • D S3 Encryption
Explanation: IAM Policies are designed to manage user permissions, while other options serve different functions.

Q189

What happens when a user uploads an object to S3 without enabling versioning?

  • A Previous versions are lost
  • B Versioning is automatically enabled
  • C Object is encrypted
  • D User is notified of changes
Explanation: Without versioning, the previous object is overwritten and cannot be recovered.

Q190

Which service would you use to monitor AWS account activity in real-time?

  • A AWS CloudTrail
  • B AWS CloudFormation
  • C AWS Config
  • D AWS Lambda
Explanation: AWS CloudTrail is designed to log and monitor account activity, while the others manage resources or configuration.