Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 221–230 of 486

Q221

A company needs to ensure that sensitive data is encrypted at rest in S3. What should they configure?

  • A S3 Bucket Versioning
  • B S3 Security Policies
  • C Server-Side Encryption
  • D CloudFront Distribution

Explanation: Server-Side Encryption is specifically for encrypting data at rest, unlike the other options.

Q222

You are configuring IAM roles for an application that runs on EC2 with access to S3. What happens when the application assumes a role with insufficient permissions?

  • A The application retrieves partial data.
  • B Access is denied for operations.
  • C Performance is significantly affected.
  • D The application auto-scales up.

Explanation: If the role has insufficient permissions, all access attempts will be denied, ensuring security.

Q223

Which AWS service allows you to create custom policies for resource access?

  • A AWS IAM
  • B AWS Shield
  • C AWS Inspector
  • D AWS Config

Explanation: AWS IAM enables custom policies for resource access, while the others focus on protection and compliance.

Q224

A company needs to ensure data is encrypted in transit for their S3 bucket. Which method should they use?

  • A Enable bucket versioning
  • B Use HTTPS for requests
  • C Enable lifecycle policies
  • D Set bucket public access

Explanation: Using HTTPS ensures data is encrypted in transit; the other options do not provide encryption in transit.

Q225

You are configuring an AWS Lambda function attached to an API Gateway. What is the maximum time a single invocation can run?

  • A 30 seconds
  • B 5 minutes
  • C 15 minutes
  • D 1 hour

Explanation: AWS Lambda functions can run for up to 15 minutes; the other options do not match this limit.

Q226

Which service provides fine-grained access control for AWS resources?

  • A AWS Identity and Access Management (IAM)
  • B AWS CloudTrail
  • C Amazon S3
  • D AWS Config

Explanation: IAM allows you to manage access permissions, whereas the others focus on activity logging or resource management.

Q227

A company needs to ensure that all sensitive API calls are logged for compliance. Which AWS service should they use?

  • A AWS Lambda
  • B Amazon CloudWatch
  • C AWS CloudTrail
  • D Amazon GuardDuty

Explanation: CloudTrail specifically logs API calls for auditing, unlike the other services, which serve different purposes.

Q228

You are configuring a security group for an EC2 instance. What happens when you try to allow port 8080 from 0.0.0.0/0?

  • A Allows all traffic to port 8080
  • B Blocks all traffic to port 8080
  • C Restricts traffic to specific IPs
  • D Only allows intra-VPC traffic

Explanation: Allowing from 0.0.0.0/0 enables global access, while the other options incorrectly describe security group behavior.

Q229

Which service can help enforce data access policies on AWS resources?

  • A AWS Identity and Access Management (IAM)
  • B AWS CloudTrail
  • C Amazon S3
  • D Amazon CloudWatch

Explanation: IAM manages access permissions for AWS resources, while the others serve different purposes.

Q230

A company needs to regularly audit its AWS environment for potential security issues. Which service should they use?

  • A AWS Config
  • B Amazon EC2
  • C AWS Lambda
  • D Amazon RDS

Explanation: AWS Config provides continuous resource monitoring and auditing against desired configurations.