Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 331–340 of 486

Q331

Which AWS service enables you to monitor AWS resource configurations for compliance?

  • A AWS Config
  • B AWS CloudTrail
  • C AWS CloudWatch
  • D Amazon Inspector

Explanation: AWS Config provides continuous monitoring and compliance checking of AWS resource configurations, while the others focus on logging, performance monitoring, or security assessments.

Q332

A company needs to restrict access to an S3 bucket based on IP addresses. What feature should they use?

  • A S3 Block Public Access
  • B Bucket Policy
  • C IAM Role
  • D S3 Lifecycle Policy

Explanation: Bucket Policies allow specifying access conditions, like IP addresses, whereas the others do not provide this level of granularity.

Q333

You are configuring AWS Multi-Factor Authentication (MFA). What happens if you lose your MFA device?

  • A Use another MFA device
  • B No access until reset
  • C Access through AWS Support
  • D Enter a backup code

Explanation: Losing access to your MFA device prevents you from signing in until it is removed or you reset it via the management console or API with sufficient privileges.

Q334

Which AWS service provides a centralized view of your AWS accounts’ security compliance?

  • A AWS Config
  • B AWS Security Hub
  • C AWS CloudTrail
  • D AWS IAM

Explanation: AWS Security Hub aggregates data from multiple sources to provide compliance and security insights, while the others serve different functions.

Q335

A company needs to securely store and manage encryption keys for their sensitive data. Which AWS service should they use?

  • A AWS KMS
  • B AWS Secrets Manager
  • C AWS S3
  • D AWS Systems Manager

Explanation: AWS KMS is specifically designed for managing encryption keys, while the others serve different purposes.

Q336

What happens when you enable AWS CloudTrail in your account?

  • A Real-time monitoring starts immediately.
  • B Logging starts for services in all regions.
  • C Billing alerts are triggered.
  • D Automatic backup of data is enabled.

Explanation: CloudTrail logs API calls across all regions, while the other options are inaccurate descriptions of its functionality.

Q337

Which AWS service allows you to manage API access with fine-grained permissions?

  • A AWS IAM
  • B AWS Lambda
  • C Amazon S3
  • D AWS CloudFormation

Explanation: AWS IAM provides fine-grained access control, while the others don't serve this purpose.

Q338

A company needs to ensure that data in Amazon S3 is automatically encrypted in transit. What should they enable?

  • A Bucket Policy
  • B S3 Object Lock
  • C SSL/TLS Configuration
  • D Lifecycle Policy

Explanation: SSL/TLS ensures encryption in transit; the other options are unrelated to this.

Q339

You are configuring a VPC Security Group. What happens when you add a rule to allow all outbound traffic?

  • A Blocks all incoming traffic
  • B Allows all outbound traffic
  • C Limits traffic to VPN only
  • D Prevents traffic from private IP ranges

Explanation: Allowing all outbound traffic permits every outbound connection regardless of other rules.

Q340

Which service helps you manage AWS access centrally?

  • A AWS IAM
  • B AWS S3
  • C AWS RDS
  • D AWS EC2

Explanation: AWS IAM allows centralized access management, while others serve different functions.