Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 241–250 of 486

Q241

Which AWS service helps to manage secrets securely?

  • A AWS Secrets Manager
  • B AWS CloudTrail
  • C AWS CodeCommit
  • D AWS Config
Explanation: AWS Secrets Manager is specifically designed for managing secrets securely, while the others serve different purposes.

Q242

A company needs to enforce multi-factor authentication (MFA) for its IAM users. What is the best approach?

  • A Implement MFA on IAM user accounts
  • B Use only password policies
  • C Disable IAM roles
  • D Enable EC2 instance metadata
Explanation: Implementing MFA on IAM user accounts directly addresses the security requirement, while the other options do not meet this goal.

Q243

You are configuring an S3 bucket policy. What happens if you set the policy to allow public read access?

  • A Only bucket owner can read objects
  • B All users can read objects
  • C Bucket is deleted immediately
  • D Only admins can read objects
Explanation: Allowing public read access enables all users to read objects in the bucket; the other options describe incorrect permission scenarios.

Q244

Which service helps encrypt data at rest in AWS?

  • A AWS Key Management Service (KMS)
  • B AWS Lambda
  • C AWS CloudFormation
  • D AWS Elastic Beanstalk
Explanation: KMS provides customer-controlled encryption keys for data at rest, unlike the other options.

Q245

A company needs multi-factor authentication for AWS management console access. What should they implement?

  • A IAM users and groups
  • B AWS Security Hub
  • C IAM roles
  • D AWS MFA
Explanation: AWS MFA adds an additional layer beyond just a username and password, which is essential for secure access.

Q246

You are configuring a VPC with public and private subnets. What needs to be done to allow private instances to access the internet?

  • A Assign floating IPs to private instances
  • B Use a NAT Gateway
  • C Configure an internet gateway
  • D Enable Route 53
Explanation: A NAT Gateway allows private instances to initiate outbound internet traffic while preventing inbound access, unlike the other options.

Q247

Which AWS service is specifically designed for managing secrets?

  • A AWS Secrets Manager
  • B AWS Config
  • C AWS Lambda
  • D AWS IAM
Explanation: AWS Secrets Manager securely stores and manages secrets, while the other options manage different resources.

Q248

A company needs to ensure that their application can recover from a failure without data loss. Which AWS service should they use?

  • A Amazon S3
  • B Amazon RDS with Multi-AZ
  • C AWS CloudFormation
  • D AWS Lambda
Explanation: Amazon RDS with Multi-AZ provides automatic failover and data replication, ensuring data availability, unlike the other options.

Q249

What happens when an IAM user tries to perform an action that is not explicitly allowed?

  • A Success if an implicit deny exists
  • B Access is denied by default
  • C Access is granted if service is active
  • D Action prompts a security alert
Explanation: IAM operates on a default-deny principle; an explicit allow is necessary for access.

Q250

Which service provides a secure way to manage API keys?

  • A AWS Secrets Manager
  • B Amazon S3
  • C AWS CloudTrail
  • D AWS Lambda
Explanation: AWS Secrets Manager is designed for managing and securing sensitive information such as API keys, while the other options do not specifically offer this functionality.