Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 281–290 of 486

Q281

A company needs to comply with GDPR. What AWS feature is essential?

  • A AWS CloudTrail
  • B Amazon S3 Versioning
  • C AWS data encryption
  • D Amazon EC2 Auto Scaling

Explanation: AWS data encryption is vital for protecting personal data, whereas the others don't directly address encryption needs.

Q282

You are configuring IAM roles for an application. What happens if the policy has an implicit deny?

  • A Access is granted to all.
  • B Access is denied by default.
  • C Access is conditional.
  • D Access is logged only.

Explanation: An implicit deny blocks access unless explicitly allowed, while the other options suggest incorrect behaviors.

Q283

Which AWS service provides a way to manage secrets?

  • A AWS Secrets Manager
  • B AWS Systems Manager
  • C AWS Key Management Service
  • D AWS IAM

Explanation: AWS Secrets Manager is specifically designed to manage and rotate secrets, while the others serve different purposes.

Q284

A company needs to enable resource policies for Lambda functions to control access. What should they use?

  • A IAM Roles
  • B Resource-based policies
  • C Service Control Policies
  • D Security Groups

Explanation: Resource-based policies can directly control access to Lambda functions, while the others do not apply for direct access control.

Q285

You are configuring S3 bucket policies and want to deny access to a specific CIDR block. What should you do?

  • A Use a deny statement for the CIDR
  • B Enable public access settings
  • C Create a lifecycle policy
  • D Set versioning on the bucket

Explanation: A deny statement in the policy effectively denies access based on the specified CIDR block, while the other options do not manage direct access controls.

Q286

Which service can automatically scale based on demand?

  • A Elastic Load Balancing
  • B AWS Lambda
  • C Amazon EC2 Auto Scaling
  • D AWS CloudFormation

Explanation: Amazon EC2 Auto Scaling adjusts resources automatically; others do not provide this capability.

Q287

A company needs to store sensitive data compliant with GDPR. Which storage option is best?

  • A Amazon S3 Standard
  • B Amazon RDS with encryption
  • C Amazon EFS
  • D Amazon S3 Glacier

Explanation: Amazon RDS with encryption supports GDPR compliance, while S3 Glacier is not ideal for sensitive data.

Q288

What happens when an IAM user tries to perform an action they are denied permission for?

  • A The action succeeds silently
  • B The action fails with an error
  • C Temporary permission is granted
  • D The action is logged in CloudTrail

Explanation: The action fails with an error, while others do not describe the correct behavior.

Q289

Which service provides continuous compliance for AWS resources?

  • A AWS Config
  • B AWS Shield
  • C AWS IAM
  • D Amazon GuardDuty

Explanation: AWS Config tracks resource compliance while others focus on security or management activities.

Q290

A company needs to securely store sensitive data in an encrypted state. Which service is most suitable?

  • A Amazon S3
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon CloudFront

Explanation: Amazon RDS can encrypt data at rest and in transit, whereas S3 requires additional steps for encryption.