Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 271–280 of 486

Q271

Which service provides automated compliance checks for AWS resources?

  • A AWS Config
  • B AWS CloudTrail
  • C AWS Shield
  • D AWS IAM
Explanation: AWS Config tracks compliance of resources, while others log activities or manage access.

Q272

A company needs to securely share data between AWS accounts. What is the best solution?

  • A AWS IAM roles
  • B S3 bucket policies
  • C AWS Data Pipeline
  • D VPC peering
Explanation: S3 bucket policies can control cross-account access directly, unlike the others.

Q273

What happens when a Security Group rule is modified on an existing EC2 instance?

  • A Existing connections drop immediately
  • B New connections apply the rule
  • C All rules are deleted
  • D You get a notification email
Explanation: Modifying a Security Group affects only new connections; existing ones remain unaffected.

Q274

Which AWS service is primarily used for vulnerability scanning?

  • A AWS Inspector
  • B AWS Trusted Advisor
  • C AWS Shield
  • D AWS Config
Explanation: AWS Inspector performs automated security assessments, while the others focus on different security aspects.

Q275

A company needs to encrypt S3 bucket data at rest and in transit. Which setup should they utilize?

  • A S3 default encryption and HTTPS
  • B Instance-level encryption and HTTP
  • C IAM policies with no encryption
  • D Redshift encryption only
Explanation: Using S3 default encryption with HTTPS ensures both at-rest and in-transit security.

Q276

What happens when you create a security group with no inbound rules?

  • A All inbound traffic is allowed.
  • B All inbound traffic is denied.
  • C Only HTTP is allowed in.
  • D No effect on instances.
Explanation: A security group with no inbound rules denies all incoming traffic by default.

Q277

Which AWS service allows you to centrally manage permissions?

  • A AWS Identity and Access Management
  • B AWS Inspector
  • C AWS Lambda
  • D AWS CloudTrail
Explanation: AWS IAM is designed for managing permissions; others serve different purposes.

Q278

A company needs to ensure that its S3 bucket does not allow public access. What should they configure?

  • A Bucket Policy with Public Access Deny
  • B Object Versioning Enabled
  • C S3 Lifecycle Rules
  • D Cross-Region Replication
Explanation: A bucket policy can be configured to explicitly deny public access, while others do not affect access control directly.

Q279

You are configuring AWS WAF for a web application. What happens when a request exceeds the rate limit specified?

  • A Request is allowed with warning
  • B Request is counted but allowed
  • C Request is blocked
  • D Request is logged only
Explanation: Requests exceeding rate limits are blocked by AWS WAF; other options misinterpret WAF behavior.

Q280

Which service provides a centralized view of AWS resource configurations?

  • A AWS Config
  • B Amazon Inspector
  • C AWS Lambda
  • D AWS GuardDuty
Explanation: AWS Config tracks resource configurations, while the others serve different security or functional roles.