Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 201–210 of 486

Q201

What happens when you disable an IAM user account?

  • A Access keys remain active.
  • B All permissions are revoked.
  • C The user can still sign in.
  • D Only some policies are affected.
Explanation Disabling the IAM user account revokes all permissions immediately, whereas the other options do not accurately represent what happens.
Q202

Which AWS service helps manage access to secrets?

  • A AWS Secrets Manager
  • B AWS Shield
  • C AWS Config
  • D AWS CloudTrail
Explanation AWS Secrets Manager specifically manages, retrieves, and stores secrets securely, while the others are unrelated to secrets management.
Q203

You are configuring IAM policies for a user. What should you consider to apply the principle of least privilege?

  • A Grant full access initially
  • B Limit permissions to what is needed
  • C Use wildcard in policies
  • D Assign admin role
Explanation Limiting permissions to just what is needed is the core of least privilege, while the other options provide excessive access.
Q204

What happens when you disable an AWS CloudTrail trail?

  • A All logs are immediately deleted
  • B No new events are logged
  • C Logs are archived automatically
  • D Only read access is revoked
Explanation Disabling a CloudTrail trail stops new event logging, while the other options are incorrect interpretations of trail behavior.
Q205

What AWS service provides detailed billing information about your services?

  • A AWS Cost Explorer
  • B Amazon CloudWatch
  • C AWS Config
  • D AWS Shield
Explanation AWS Cost Explorer analyzes your costs and usage, while the others serve different functions.
Q206

A company needs to limit EC2 instance types accessible to users. Which IAM feature will achieve this?

  • A Resource policies
  • B Service control policies
  • C IAM policies
  • D Permissions boundary
Explanation IAM policies attached to users limit allowed actions and resources, while others don’t solely restrict instance types.
Q207

What happens when an EC2 instance is stopped and then started?

  • A It retains its private IP
  • B It loses any associated IAM roles
  • C It changes its encryption settings
  • D It powers on with a new instance store
Explanation The private IP remains unless the instance is terminated, while other options describe incorrect behaviors.
Q208

Which AWS service provides DDoS protection?

  • A AWS Shield
  • B Amazon CloudFront
  • C AWS WAF
  • D AWS Firewall Manager
Explanation AWS Shield specifically offers DDoS protection, while others focus on web security or traffic management.
Q209

You are configuring Identity and Access Management (IAM) for a team. What principle should you implement for least privilege?

  • A Assign all permissions to users
  • B Use managed policies
  • C Give only necessary permissions
  • D Use S3 bucket policies
Explanation Least privilege entails granting only necessary permissions to users, avoiding excessive access rights.
Q210

What happens when an IAM user's credentials are compromised?

  • A Only their MFA token is affected
  • B Access to all AWS services is revoked
  • C Strongly enforced access policies fail
  • D Potential unauthorized access occurs
Explanation Compromised credentials can lead to unauthorized access, posing security risks.