Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 311–320 of 486

Q311

A company needs to ensure data encryption in S3. Which service should they use?

  • A AWS KMS
  • B AWS Lambda
  • C Amazon Inspector
  • D AWS Direct Connect
Explanation AWS KMS provides encryption services for data, while the others do not focus on data encryption.
Q312

What happens when you enable AWS Shield Advanced for your application?

  • A Increased latency
  • B Protection against DDoS attacks
  • C Automatic scaling of resources
  • D Free usage of CloudFront
Explanation AWS Shield Advanced specifically offers protection against DDoS attacks, while the other options are unrelated or incorrect.
Q313

Which service automatically adjusts IAM policies for least privilege?

  • A IAM Access Analyzer
  • B AWS Config
  • C AWS CloudTrail
  • D Amazon GuardDuty
Explanation IAM Access Analyzer helps you analyze policies for least privilege, while the others serve different purposes.
Q314

A company needs to secure a multi-account AWS environment; which service prevents unauthorized cross-account access?

  • A AWS Organizations
  • B Amazon VPC
  • C AWS Single Sign-On
  • D Amazon EC2
Explanation AWS Organizations supports service control policies to restrict cross-account access, unlike the others.
Q315

What happens when you configure AWS KMS key policies incorrectly?

  • A Access is granted to all users
  • B Key cannot be used at all
  • C Key policies are ignored
  • D Access denied to intended users
Explanation Incorrect policies will deny access to intended users, while the others describe incorrect behaviors.
Q316

Which AWS service offers managed DDoS protection?

  • A AWS Shield
  • B AWS Firewall Manager
  • C AWS WAF
  • D Amazon GuardDuty
Explanation AWS Shield provides DDoS protection; others focus on different security aspects.
Q317

A company needs temporary access for contractors to an S3 bucket. Which IAM feature should they use?

  • A IAM Roles
  • B IAM Groups
  • C IAM Policies
  • D Service Control Policies
Explanation IAM Roles allow temporary access; groups manage user roles but don't provide temp access.
Q318

What happens when you enable MFA Delete on an S3 bucket?

  • A Delete actions require MFA
  • B MFA is optional for deletes
  • C Bucket cannot accept uploads
  • D Access log is disabled
Explanation MFA Delete requires multi-factor authentication for deletions; incorrect options misrepresent functionality.
Q319

Which service provides real-time security monitoring?

  • A AWS CloudTrail
  • B Amazon GuardDuty
  • C AWS Config
  • D AWS Shield
Explanation Amazon GuardDuty offers real-time threat detection, while the others serve different security purposes.
Q320

A company needs to ensure instant incident response capabilities. Which AWS service should they utilize?

  • A AWS Lambda
  • B AWS Systems Manager
  • C AWS Step Functions
  • D AWS Security Hub
Explanation AWS Systems Manager enables operational control, including incident response, unlike the other options which have different roles.