Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 291–300 of 486

Q291

What happens when an IAM user is assigned too many permissions?

  • A Access is denied automatically
  • B AWS limits permission counts
  • C Security vulnerability increases
  • D Permissions are ignored

Explanation: Excessive permissions can lead to potential security vulnerabilities, while the other options are incorrect regarding permission management.

Q292

Which service provides centralized logging for AWS resources?

  • A Amazon CloudWatch
  • B AWS Lambda
  • C Amazon EC2
  • D AWS CodePipeline

Explanation: Amazon CloudWatch provides centralized logging and monitoring, while the others serve different functions.

Q293

A company needs to securely share sensitive files with a partner using AWS services. Which service should they use to ensure encryption at rest and in transit?

  • A AWS S3 with KMS
  • B AWS Glacier
  • C AWS EFS without encryption
  • D AWS Direct Connect

Explanation: AWS S3 with KMS enables encryption both at rest and in transit, while the others offer less security or no encryption options.

Q294

What happens when a rule in an AWS WAF denies access to traffic?

  • A Traffic is logged only
  • B Traffic is dropped silently
  • C Traffic is challenged for human verification
  • D Traffic is redirected to another server

Explanation: When traffic is denied by AWS WAF, it is dropped silently unless configured otherwise; the other options misrepresent the behavior of WAF rules.

Q295

Which AWS service is used for centralized logging?

  • A AWS CloudTrail
  • B AWS Shield
  • C AWS Config
  • D Amazon RDS

Explanation: AWS CloudTrail provides logging for API calls, while the other options serve different purposes.

Q296

A company needs to prevent data loss from an S3 bucket; which feature should they enable?

  • A Versioning
  • B Cross-Region Replication
  • C S3 Inventory
  • D S3 Lifecycle Rules

Explanation: Versioning allows recovery of previous versions; the others do not prevent data loss directly.

Q297

You are configuring an AWS IAM policy. What happens if you specify both 'Allow' and 'Deny' for the same action?

  • A Allow is prioritized
  • B Deny is prioritized
  • C Both rules cancel each other
  • D No effect if neither is specified

Explanation: IAM policy precedence states Deny takes priority over Allow.

Q298

Which AWS service can be used to automate security assessments?

  • A AWS Inspector
  • B AWS Shield
  • C AWS Config
  • D AWS CloudTrail

Explanation: AWS Inspector automates security assessments; the others focus on different areas.

Q299

A company needs to ensure that its S3 buckets are not publicly accessible. What should be implemented?

  • A S3 Block Public Access
  • B IAM Policies
  • C AWS Config Rules
  • D S3 Encryption

Explanation: S3 Block Public Access controls bucket accessibility; the others relate to permissions or data protection.

Q300

What happens when you enable AWS CloudTrail in multiple regions?

  • A Continuous logging enabled across regions
  • B Increased latency for API actions
  • C Multi-Region buckets are created
  • D Costs are doubled in every region

Explanation: Enabling CloudTrail logs activities across multiple regions; the other options do not accurately describe the effect.