Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 261–270 of 486

Q261

You are configuring AWS Secrets Manager for sensitive information storage. What happens if you exceed the number of API calls per second for retries?

  • A Rate limit enforced, further calls blocked
  • B API calls are queued until limits reset
  • C Response with error, retries allowed forever
  • D Rate limit warnings are sent via SMS
Explanation Rate limits enforce quotas, blocking further calls; the other options misinterpret the API behavior.
Q262

Which AWS service helps to protect against DDoS attacks?

  • A AWS Shield
  • B AWS Firewall
  • C AWS Inspector
  • D AWS WAF
Explanation AWS Shield is specifically designed for DDoS protection; others serve different purposes like application security.
Q263

A company needs to monitor AWS resources for compliance. Which service should they use?

  • A Amazon CloudWatch
  • B AWS Config
  • C AWS CloudTrail
  • D AWS IAM
Explanation AWS Config tracks compliance of AWS resources, unlike CloudWatch and others that monitor different metrics.
Q264

What happens when an IAM policy denies permissions that are allowed by a different policy?

  • A Permissions are granted
  • B Permissions are denied
  • C Permissions are overridden
  • D Permissions are assessed
Explanation IAM policies follow an explicit deny rule, meaning any deny overrides allows.
Q265

Which service provides centralized logging for AWS resources?

  • A AWS CloudTrail
  • B AWS Shield
  • C AWS CloudFormation
  • D AWS Inspector
Explanation CloudTrail logs AWS account activity; others do not provide centralized logging.
Q266

A company needs to enforce Multi-Factor Authentication (MFA) for all IAM users. What feature should be enabled?

  • A IAM Access Analyzer
  • B IAM Policies
  • C IAM MFA
  • D IAM Roles
Explanation IAM MFA directly handles multi-factor authentication enforcement; others do not manage MFA settings specifically.
Q267

What happens when an IAM user's permissions are revoked but the user's session is still active?

  • A Immediate access is revoked immediately
  • B Access remains until session expires
  • C User requires new credentials
  • D Access is temporarily granted
Explanation Active sessions maintain permissions until expiration; revoked permissions take effect in new sessions.
Q268

Which AWS service can provide real-time threat detection?

  • A AWS GuardDuty
  • B AWS Shield
  • C AWS Inspector
  • D AWS Config
Explanation AWS GuardDuty continuously monitors for malicious activity, while the others serve different purposes like attack protection or compliance.
Q269

A company needs to ensure their S3 buckets are not publicly accessible. What feature should they use?

  • A Bucket Policy
  • B IAM Role
  • C Public Access Block
  • D S3 Storage Class
Explanation Public Access Block settings help prevent any public access, unlike other options which focus on permissions.
Q270

You are configuring an IAM Role for a Lambda function. What happens if the role has no permissions assigned?

  • A Lambda executes without errors.
  • B Lambda fails due to lack of permissions.
  • C Lambda runs with default administrative rights.
  • D Lambda waits for user approvals.
Explanation Without permissions, the Lambda function cannot perform any actions required, while the others do not accurately reflect IAM behavior.