Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 301–310 of 486

Q301

Which service provides automatic encryption for EBS volumes?

  • A EBS Encryption
  • B IAM Roles
  • C S3 Bucket Policies
  • D CloudTrail Logging
Explanation: EBS Encryption automatically encrypts data at rest, while the others serve different purposes.

Q302

A company needs to analyze sensitive data stored in S3. What should they do to ensure compliance with GDPR?

  • A Enable public access on the bucket
  • B Use IAM for access control
  • C Encrypt data in transit only
  • D Remove all duplicate data
Explanation: Using IAM allows precise access control, essential for GDPR compliance, unlike the other options, which are risky or misleading.

Q303

What happens when you disable an IAM user's access key?

  • A All user permissions are revoked
  • B User cannot make API calls
  • C User retains console access
  • D Access key is reused automatically
Explanation: Disabling an access key prevents the user from making programmatic calls, while permissions and console access remain intact.

Q304

Which service provides encryption for data at rest in S3?

  • A S3 Managed Keys (SSE-S3)
  • B AWS Shield
  • C Amazon CloudFront
  • D AWS Global Accelerator
Explanation: S3 Managed Keys (SSE-S3) automatically encrypts data at rest, while the other options are unrelated to S3 encryption.

Q305

A company needs to restrict IAM user access based on conditions. What should they use?

  • A IAM Roles
  • B IAM Policies
  • C Resource Tags
  • D Service Control Policies (SCPs)
Explanation: IAM Policies define user permissions and can incorporate conditions, unlike roles, tags, or SCPs, which have different purposes.

Q306

What happens when an EC2 instance is terminated?

  • A EBS volumes are deleted
  • B IP addresses are reassigned
  • C Automatic backups are saved
  • D Instance data is retained
Explanation: Terminating an EC2 instance by default deletes its associated instance store volumes, unless configured otherwise, while all other options are incorrect regarding instance termination.

Q307

Which AWS service provides automatic security auditing and compliance monitoring?

  • A AWS Config
  • B Amazon Inspector
  • C AWS CloudTrail
  • D AWS Shield
Explanation: AWS Config tracks configurations and compliance, while the others do not focus solely on auditing.

Q308

A company needs to safeguard sensitive data in transit between its on-premises environment and AWS. Which solution is best?

  • A AWS Direct Connect
  • B AWS VPN
  • C AWS GuardDuty
  • D AWS Shield
Explanation: AWS VPN encrypts data during transit, unlike Direct Connect, which is not encrypted by default.

Q309

What happens when you disable MFA for an IAM user who previously had it enabled?

  • A User can't access the account anymore
  • B User can access without MFA
  • C User must reset their password
  • D User retains MFA settings temporarily
Explanation: Disabling MFA allows access without MFA, following standard policy behavior.

Q310

Which AWS service helps you manage AWS Identity and Access Management policies collaboratively?

  • A AWS Organizations
  • B AWS IAM Access Analyzer
  • C AWS Config
  • D AWS CloudTrail
Explanation: AWS IAM Access Analyzer helps analyze and manage policies, while the others focus on resource management or tracking activity.