Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 351–360 of 486

Q351

What happens when an AWS VPC's security group allows all inbound traffic on port 22?

  • A. SSH access is blocked
  • B. SSH access is allowed
  • C. All access is denied
  • D. Outbound traffic is blocked

Explanation: Allowing inbound traffic on port 22 enables SSH access, contrary to the other options which suggest restrictions.

Q352

Which AWS service is used for Security Incident Management?

  • A. AWS Security Hub
  • B. AWS CloudFormation
  • C. AWS CodeDeploy
  • D. AWS X-Ray

Explanation: AWS Security Hub provides a comprehensive view for security incidents, while the others serve different functions.

Q353

A company needs to ensure its sensitive data in S3 is encrypted at rest. What should they use?

  • A. AWS KMS for server-side encryption
  • B. Only IAM roles
  • C. S3 bucket policies
  • D. SSO for data access

Explanation: AWS KMS provides the necessary key management for encrypting S3 data, while the other options do not address encryption directly.

Q354

What happens when an IAM user tries to access a service without explicit permission?

  • A. Access is denied
  • B. Access is granted
  • C. Access is granted via wildcard
  • D. System will prompt for permission

Explanation: IAM operates on the principle of least privilege; if permission isn't explicitly granted, access is denied.

Q355

Which service helps secure API access in AWS?

  • A. API Gateway
  • B. IAM Policies
  • C. CloudFront
  • D. VPC Peering

Explanation: API Gateway provides built-in authorization features, while the others do not specifically target API access.

Q356

A company needs to handle unauthorized access alerts for its S3 bucket. Which AWS service should they integrate?

  • A. AWS Config
  • B. CloudTrail
  • C. CloudWatch
  • D. Trusted Advisor

Explanation: CloudTrail logs API calls, ensuring access-related actions are tracked; the others do not specifically log access events.

Q357

What happens when you enable AWS Shield Advanced for your CloudFront distribution?

  • A. DDoS attacks are prevented.
  • B. Increased latency occurs.
  • C. Cost increases significantly.
  • D. No effect on traffic.

Explanation: AWS Shield Advanced provides enhanced DDoS protection; the other options misrepresent its function or impact.

Q358

Which service can automatically detect vulnerabilities in Amazon EC2 instances?

  • A. Amazon Inspector
  • B. AWS Shield
  • C. AWS Config
  • D. Amazon GuardDuty

Explanation: Amazon Inspector scans for vulnerabilities, while others focus on different security aspects.

Q359

A company needs to ensure that only authorized users can access AWS resources. Which AWS feature should they implement?

  • A. AWS Key Management Service
  • B. AWS Identity and Access Management
  • C. Amazon CloudFront
  • D. AWS WAF

Explanation: AWS IAM manages user permissions effectively; others do not primarily focus on user access.

Q360

What happens when an AWS Lambda function times out during execution?

  • A. The function automatically retries.
  • B. It returns a timeout error.
  • C. It logs the output before exiting.
  • D. All resources are terminated immediately.

Explanation: A timeout results in an error, while others misrepresent Lambda's behavior.