Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 211–220 of 486

Q211

Which AWS service enables you to centrally manage access policies across multiple AWS accounts?

  • A AWS Organizations
  • B AWS SSO
  • C IAM Roles
  • D AWS Config
Explanation AWS Organizations allows centralized policy management, while SSO and IAM Roles focus on user access, and AWS Config centers on resource compliance.
Q212

A company needs to implement a robust incident response plan on AWS. Which service would you use to automate the response to detected security incidents?

  • A AWS CloudTrail
  • B AWS Config
  • C AWS Lambda
  • D Amazon GuardDuty
Explanation AWS Lambda automates response actions based on triggers, while CloudTrail records activity, Config monitors configurations, and GuardDuty detects threats.
Q213

What happens when you add a bucket policy to an S3 bucket that denies access to a specific user?

  • A User can still access bucket
  • B Bucket is deleted
  • C Access denied is enforced
  • D Policy requires higher precedence
Explanation S3 bucket policies are enforced, making access denied for specified users, unlike options A and B which are incorrect practices.
Q214

Which AWS service provides DDoS protection?

  • A AWS Shield
  • B AWS GuardDuty
  • C AWS IAM
  • D AWS WAF
Explanation AWS Shield specifically protects against DDoS attacks; others serve different security functions.
Q215

A company needs to ensure data is encrypted in transit for an S3 bucket. Which solution is best?

  • A Use S3 Transfer Acceleration
  • B Enable S3 Bucket Versioning
  • C Configure Bucket Policy
  • D Use HTTPS for S3 access
Explanation Using HTTPS encrypts data in transit to/from S3; others do not provide this capability.
Q216

You are configuring AWS IAM. What happens when you attach an IAM policy directly to a user?

  • A Policy is not effective
  • B Grants permissions to the user
  • C Overrides account root permissions
  • D Limits user’s console access
Explanation Attaching a policy grants the specified permissions to that user; others are incorrect because they misinterpret IAM behavior.
Q217

Which AWS service provides DDoS protection for applications?

  • A AWS Shield
  • B AWS Secrets Manager
  • C Amazon RDS
  • D AWS Lambda
Explanation AWS Shield specifically protects against DDoS attacks, while the others do not provide DDoS protection.
Q218

A company needs to implement strong multi-factor authentication for its AWS resources. Which service should they use?

  • A AWS IAM
  • B AWS CloudTrail
  • C AWS Config
  • D Amazon CloudFront
Explanation AWS IAM allows for multi-factor authentication, unlike the others which focus on tracking or delivering content.
Q219

You are configuring a bucket policy for an S3 bucket. What happens when you allow public access to the bucket?

  • A All users can access the bucket
  • B Only authenticated AWS users can access
  • C Access is denied to everyone
  • D An error occurs
Explanation Allowing public access means unrestricted access to all users, while others incorrectly assume limited access or errors.
Q220

Which service provides centralized visibility into AWS resources and policies?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon GuardDuty
  • D AWS Shield
Explanation AWS Config monitors and records resource configurations, while the others serve different security monitoring functions.