Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 371–380 of 486

Q371

A company needs to enforce Multi-Factor Authentication (MFA) for all IAM users. What is the quickest way to achieve this?

  • A Create a permission policy.
  • B Modify each user's console login.
  • C Use an IAM policy with condition keys.
  • D Implement AWS Organizations policies.

Explanation: IAM policies with condition keys can enforce MFA across users effectively, while the other options are less efficient.

Q372

You are configuring AWS Shield for DDoS protection. What happens if you enable only AWS Shield Standard?

  • A Protection against all DDoS attacks.
  • B Basic protection for AWS resources.
  • C Advanced threat intelligence report.
  • D Custom mitigation strategies available.

Explanation: AWS Shield Standard provides basic protections, while others are features of Shield Advanced.

Q373

Which service provides network IDS/IPS for AWS environments?

  • A AWS WAF
  • B AWS Shield
  • C Amazon GuardDuty
  • D AWS Config

Explanation: Amazon GuardDuty offers threat detection and continuous monitoring for malicious activity, while others focus on specific types of security.

Q374

A company needs to encrypt data at rest in S3. What should they use?

  • A S3 Object Lock
  • B Amazon Macie
  • C S3 Bucket Policies
  • D S3 Server-Side Encryption

Explanation: S3 Server-Side Encryption automatically encrypts data at rest, while the other options do not specifically handle encryption.

Q375

What happens when an IAM policy explicitly denies an action?

  • A Action is always allowed
  • B Action is denied regardless of permissions
  • C Actions can be overridden by permissions
  • D Action is conditionally allowed

Explanation: An explicit deny takes precedence over any allow permissions in IAM policies.

Q376

Which AWS service provides secrets management?

  • A AWS Secrets Manager
  • B AWS IAM
  • C Amazon RDS
  • D AWS Config

Explanation: AWS Secrets Manager is specifically designed for secrets management, whereas the others serve different purposes.

Q377

A company needs to monitor all AWS resources for security compliance. Which service should it use?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon GuardDuty
  • D AWS CloudWatch

Explanation: AWS Config continuously monitors resources for compliance, unlike CloudTrail, which tracks API calls.

Q378

What happens when you attach an AWS IAM policy to a user?

  • A User gains immediate full access
  • B User inherits permissions only
  • C Policy denies all permissions
  • D User obtains policy-provided permissions

Explanation: Attaching a policy provides the user with the permissions specified, not an inheritance or denial.

Q379

Which service provides a scalable object storage solution?

  • A Amazon S3
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon EC2

Explanation: Amazon S3 is designed for scalable object storage; the others serve different purposes.

Q380

A company needs to share data securely across AWS accounts. What should they use?

  • A AWS IAM Roles
  • B Amazon VPC Peering
  • C AWS Organizations
  • D AWS Shared Responsibility Model

Explanation: AWS Organizations allows secure cross-account data sharing; the others do not specifically address this need.