Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 11–20 of 486

Q11

A company needs to restrict access to AWS resources based on conditions. Which feature should they employ?

  • A IAM Roles
  • B IAM Policies
  • C Security Groups
  • D S3 Bucket Policies
Explanation: IAM Policies can enforce conditional access, while roles and security groups do not offer this flexibility.

Q12

You are configuring AWS Secrets Manager for an application. What happens if a secret is deleted?

  • A It is permanently lost immediately.
  • B It goes into a recovery mode.
  • C It can be restored within a time period.
  • D It becomes inaccessible indefinitely.
Explanation: Deleted secrets in AWS Secrets Manager can be restored within the recovery window, making them recoverable.

Q13

Which service provides a managed WAF solution?

  • A AWS WAF
  • B AWS Shield
  • C AWS CloudFront
  • D AWS Firewall Manager
Explanation: AWS WAF is specifically designed for web application firewalls, while others serve different purposes.

Q14

A company needs to analyze logs from multiple AWS services. Which AWS service is best suited for this?

  • A Amazon Athena
  • B Amazon CloudWatch
  • C AWS Config
  • D AWS Trusted Advisor
Explanation: Amazon Athena allows SQL queries on S3-stored logs, while others focus on monitoring or compliance.

Q15

You are configuring IAM roles for EC2 instances. What happens if no IAM role is assigned?

  • A Instances will have limited access.
  • B Instances will have full access.
  • C Instances cannot access AWS services.
  • D Instances access services via default credentials.
Explanation: Without an IAM role, EC2 instances do not obtain any permissions for AWS services.

Q16

Which service provides a centralized view of AWS accounts?

  • A AWS Control Tower
  • B AWS Config
  • C AWS Secrets Manager
  • D AWS Shield
Explanation: AWS Control Tower helps manage multi-account environments, while others serve different purposes regarding compliance and secret management.

Q17

A company needs to enforce strict access control based on specific attributes of IAM users. What should they use?

  • A IAM Policies
  • B Policy Conditions
  • C Resource Policies
  • D AWS CLI
Explanation: Policy Conditions allow attribute-based access control, while the others don't address attribute conditions explicitly.

Q18

What happens when an AWS Lambda function times out during execution?

  • A Partial execution is saved
  • B Function retried automatically
  • C Failure reported to CloudTrail
  • D Invocation returns a timeout error
Explanation: When a Lambda function times out, the invocation returns a timeout error; the other options do not describe what happens on an execution failure.

Q19

Which AWS service provides DDoS protection?

  • A AWS Shield
  • B AWS WAF
  • C AWS Firewall Manager
  • D AWS Config
Explanation: AWS Shield is specifically designed for DDoS protection; the others serve different security functions.

Q20

A company needs to log all IAM user activities continuously. What should they use?

  • A AWS CloudTrail
  • B AWS CloudWatch
  • C AWS Config
  • D AWS Inspector
Explanation: AWS CloudTrail captures all IAM user activity, while the others serve different monitoring or compliance purposes.