Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 361–370 of 486

Q361

Which AWS service allows for central management of security policies?

  • A AWS Organizations
  • B AWS Lambda
  • C AWS CodeDeploy
  • D AWS X-Ray

Explanation: AWS Organizations enables centralized policy management, while the others do not focus on security policy enforcement.

Q362

A company needs to ensure that data is encrypted at rest and in transit. Which AWS service combination should they utilize?

  • A EBS with AWS Shield
  • B S3 with AWS Config
  • C RDS with KMS
  • D CloudFront with CloudTrail

Explanation: RDS integrates with KMS for encryption at rest and supports SSL for encryption in transit, unlike the other options.

Q363

What happens when a user exceeds their IAM policy permissions?

  • A They gain elevated privileges
  • B Their actions get logged
  • C All actions are denied
  • D They receive a warning

Explanation: IAM policies strictly enforce permissions; exceeding them results in action denial, rather than warnings or elevated privileges.

Q364

Which AWS service automates security assessments?

  • A Amazon Inspector
  • B AWS CloudTrail
  • C Amazon GuardDuty
  • D AWS Config

Explanation: Amazon Inspector specializes in automated security assessments; the others track activity or compliance.

Q365

A company needs to ensure that sensitive data in S3 is encrypted automatically. What should they enable?

  • A S3 Versioning
  • B S3 Transfer Acceleration
  • C S3 Default Encryption
  • D S3 Lifecycle Policies

Explanation: S3 Default Encryption automatically encrypts uploaded objects during storage; the others do not ensure encryption.

Q366

You are configuring an IAM role to grant limited permissions. What is the principle of least privilege?

  • A Grant every possible permission
  • B Minimum permissions needed only
  • C Permissions based on user role
  • D Assign full access to admin users

Explanation: The principle of least privilege advocates granting only necessary permissions; the other options provide excessive access.

Q367

Which service provides protection against DDoS attacks?

  • A AWS Shield
  • B AWS WAF
  • C Amazon Inspector
  • D AWS Config

Explanation: AWS Shield is specifically designed for DDoS protection, while the others serve different security functions.

Q368

A company needs multi-factor authentication for high-security IAM roles. What should it implement?

  • A IAM Access Analyzer
  • B AWS Identity Center
  • C AWS Multi-Factor Authentication
  • D CloudTrail

Explanation: AWS Multi-Factor Authentication directly provides the required multi-factor capability for IAM roles.

Q369

What happens when an S3 bucket policy denies access to all users?

  • A Access is granted to all
  • B Access is denied to everyone
  • C Access is granted to bucket owner
  • D It causes a service disruption

Explanation: A deny in an S3 bucket policy takes precedence and denies access to everyone.

Q370

Which AWS service provides a managed solution for security incident management?

  • A AWS Security Hub
  • B AWS Inspector
  • C AWS GuardDuty
  • D AWS Shield

Explanation: AWS Security Hub aggregates alerts from services, while others focus on specific security checks or protections.