Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 21–30 of 486

Q21

What happens when a security group with no inbound rules is applied?

  • A No inbound traffic is allowed.
  • B All traffic is allowed by default.
  • C Outbound traffic is also blocked.
  • D Traffic is filtered based on status.
Explanation: A security group without inbound rules permits no incoming traffic; the other options incorrectly imply different behaviors.
Q22

Which AWS service provides a centralized way to manage security policies across multiple accounts?

  • A AWS Organizations
  • B AWS IAM
  • C AWS Shield
  • D AWS Inspector
Explanation: AWS Organizations enables the central management of policies, whereas IAM focuses on user permissions.
Q23

A company needs to grant temporary access to an external vendor for a specific S3 bucket. What is the best method?

  • A Create a new user in IAM
  • B Use IAM roles with temporary credentials
  • C Share bucket access key
  • D Provide the S3 bucket URL
Explanation: IAM roles with temporary credentials provide secure, limited access without permanently sharing AWS resource keys.
Q24

You are configuring AWS CloudTrail for your account. What happens when you change the S3 bucket where CloudTrail logs are stored?

  • A Existing logs are deleted
  • B New logs are sent to the new bucket
  • C Logs stop entirely
  • D Access is lost to past logs
Explanation: Changing the S3 bucket only affects future logs; existing ones remain accessible.
Q25

A company needs to ensure the integrity of data in Amazon S3. Which feature allows them to prevent accidental overwrites of objects?

  • A Object Versioning
  • B Lifecycle Policies
  • C S3 Transfer Acceleration
  • D Cross-Region Replication
Explanation: Object versioning protects against accidental overwrites, while the other options manage data lifecycle or improve performance.
Q26

What happens when an IAM policy is attached to a user granting permissions, but a permission deny policy is applied to the user's group?

  • A User permissions get revoked.
  • B User leaves group permissions unchanged.
  • C User gets permissions from both.
  • D User permissions will be denied.
Explanation: Deny policies take precedence over allow policies in IAM, resulting in the user being denied permissions regardless of their attached policy.
Q27

You are configuring AWS Shield for your application. Which level of Shield provides the highest level of protection against DDoS attacks?

  • A Shield Standard
  • B Shield Advanced
  • C Shield Basic
  • D Shield Pro
Explanation: Shield Advanced offers enhanced detection and protections beyond what Shield Standard provides, while the other options are either basic or non-existent.
Q28

Which AWS service provides a scalable DNS service?

  • A Amazon Route 53
  • B Amazon EC2
  • C AWS Lambda
  • D Amazon S3
Explanation: Amazon Route 53 is the correct answer as it manages DNS services, whereas EC2, Lambda, and S3 serve different purposes.
Q29

A company needs serverless real-time data processing. Which service should they choose?

  • A Amazon EC2
  • B AWS Lambda
  • C Amazon RDS
  • D AWS CloudFormation
Explanation: AWS Lambda is best for serverless processing; EC2 requires management, RDS is relational, and CloudFormation is for provisioning.
Q30

What happens when you delete an IAM role that is in use?

  • A Immediate permissions denial
  • B Role becomes inactive
  • C Policies attached remain active
  • D Only attached users lose access
Explanation: Immediate permissions denial occurs as the role is deleted, affecting all associated resources and users.