Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 231–240 of 486

Q231

What happens when you create an IAM user without permissions?

  • A User cannot access any resources
  • B User has full access by default
  • C User can only access S3
  • D User can access services without setup
Explanation IAM users require explicit permissions to access resources; none means no access.
Q232

Which service provides automated security assessments for applications deployed on AWS?

  • A Amazon Inspector
  • B AWS Config
  • C CloudTrail
  • D AWS Shield
Explanation Amazon Inspector automates security assessments, while others serve different security purposes.
Q233

A company needs to limit access to its AWS resources based on a user's role. Which AWS service should they use?

  • A IAM Policies
  • B CloudWatch
  • C VPC
  • D S3 Bucket Policies
Explanation IAM Policies control access based on user roles, unlike the other options.
Q234

What happens when a user tries to access an S3 bucket in a different account without proper permissions?

  • A Access is granted immediately.
  • B Access is denied.
  • C User is asked to authenticate.
  • D AWS will send a notification.
Explanation Access is denied if permissions are not set properly, while the other options describe incorrect scenarios.
Q235

Which service allows for detailed monitoring of AWS resources?

  • A CloudWatch
  • B CloudTrail
  • C IAM
  • D AWS Config
Explanation CloudWatch provides monitoring for AWS resources; CloudTrail records API calls, IAM manages identities, and AWS Config monitors configuration.
Q236

A company needs to ensure data residency in the EU for their S3 buckets. What should they configure?

  • A Bucket Policies
  • B Lifecycle Policies
  • C Data Encryption
  • D Region Selection
Explanation Selecting the correct region ensures data residency; policies and encryption don't affect residency.
Q237

You are configuring an IAM policy. What happens when you use "Deny" alongside "Allow" for the same resource?

  • A Deny overrides Allow
  • B Allow overrides Deny
  • C Both permissions are ineffective
  • D Policy will fail to apply
Explanation In IAM, Deny permissions always override Allow; allowing both has no effect.
Q238

Which service offers DDoS mitigation for AWS resources?

  • A AWS Shield
  • B Amazon Inspector
  • C AWS WAF
  • D Amazon GuardDuty
Explanation AWS Shield is specifically designed for DDoS protection; others provide different security functions.
Q239

A company needs to manage access to AWS resources based on the job function of its users. Which AWS feature should they implement?

  • A Security Groups
  • B IAM Policies
  • C CloudTrail
  • D VPC Peering
Explanation IAM Policies allow fine-grained control of user permissions; the others are unrelated to access management.
Q240

You are configuring an S3 bucket for public access. What happens if you do not disable the block public access settings?

  • A Bucket is publicly accessible.
  • B Block public access takes precedence.
  • C Access is controlled by ACLs.
  • D Only certain files are public.
Explanation Block public access settings prevent any public access despite bucket configuration; others misrepresent the functionality of these settings.