Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 381–390 of 486

Q381

You are configuring a security group. What happens if you add an inbound rule allowing all traffic?

  • A Blocks all outbound traffic
  • B Allows all inbound traffic only
  • C Restricts access to specific IPs
  • D Opens all inbound ports to the instance

Explanation: Adding an inbound rule for all traffic opens all inbound ports; the others pertain to different security configurations.

Q382

Which AWS service provides real-time threat detection?

  • A AWS GuardDuty
  • B AWS CloudTrail
  • C AWS Config
  • D AWS Inspector

Explanation: AWS GuardDuty offers real-time threat detection; the others provide different monitoring and compliance features.

Q383

A company needs to enforce IAM policies for specific actions. Which approach is best?

  • A AWS Organizations
  • B Service Control Policies
  • C IAM Roles
  • D IAM Multi-Factor Authentication

Explanation: Service Control Policies allow organizations to enforce policies across accounts; the others don't enforce cross-account policies.

Q384

What happens when a user tries to access a resource not defined in their IAM permissions?

  • A Access is granted
  • B Access is denied
  • C Access is logged
  • D Access is temporarily granted

Explanation: Access is denied if not explicitly permitted in IAM policies; the other options are incorrect interpretations of IAM behavior.

Q385

Which AWS service enables you to enforce data protection policies across your organization?

  • A AWS Config
  • B AWS CloudTrail
  • C AWS Shield
  • D Amazon S3

Explanation: AWS Config allows you to evaluate compliance with policies, while the others focus on monitoring or protecting against DDoS attacks.

Q386

You are configuring an S3 bucket for public access. Which setting should you apply to ensure objects within the bucket cannot be publicly readable?

  • A Block all public access settings
  • B Set bucket policy to allow public access
  • C Use IAM roles for S3 access
  • D Enable static website hosting

Explanation: Block all public access settings completely restricts public access; others either allow or do not manage access.

Q387

What happens when you delete a user from IAM?

  • A All resources owned by the user are deleted
  • B User permissions are revoked immediately
  • C User data is stored in temporary buckets
  • D Access keys remain active for 30 days

Explanation: User permissions are revoked upon deletion; however, resources and access keys are immediately inactive.

Q388

Which service provides DDoS protection for applications?

  • A AWS Shield
  • B AWS WAF
  • C AWS GuardDuty
  • D AWS Inspector

Explanation: AWS Shield specifically provides DDoS protection, whereas the others focus on different security aspects.

Q389

A company needs to automatically rotate AWS IAM user credentials securely. Which service should be implemented?

  • A AWS Secrets Manager
  • B AWS CloudTrail
  • C AWS Config
  • D AWS Systems Manager

Explanation: AWS Secrets Manager is designed for automating credential rotation, unlike the other options, which serve different functions.

Q390

You are configuring an S3 bucket for public access. What happens if the bucket policy allows public access?

  • A Bucket is always accessible to everyone
  • B Public access is denied by default
  • C Bucket can still be private
  • D Bucket should have an ACL set

Explanation: If the Bucket Policy allows public access, it overrides the default deny behavior, making it accessible to everyone.