Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 391–400 of 486

Q391

Which AWS service automatically protects your web applications from DDoS attacks?

  • A AWS Shield
  • B AWS CloudTrail
  • C AWS WAF
  • D AWS Config
Explanation: AWS Shield provides automatic DDoS protection, while the others serve different security purposes.

Q392

A company needs to ensure that sensitive data is encrypted at rest in S3. Which feature meets this requirement?

  • A Bucket Versioning
  • B S3 Encryption
  • C S3 Lifecycle Policies
  • D S3 Access Control Lists
Explanation: S3 Encryption ensures data at rest is secured, while the others do not provide encryption functionalities.

Q393

You are configuring IAM roles to access an S3 bucket. What happens if the IAM role does not have the necessary permissions?

  • A Access will be granted anyway
  • B Access will be denied
  • C Access will get logged only
  • D Access may be granted temporarily
Explanation: IAM roles require specific permissions to access resources, otherwise access is denied.

Q394

Which AWS service provides VPC traffic analysis for security monitoring?

  • A AWS CloudTrail
  • B Amazon GuardDuty
  • C AWS IAM
  • D AWS Shield
Explanation: Amazon GuardDuty analyzes VPC traffic for potential threats, while CloudTrail logs API calls, IAM deals with identity management, and Shield provides DDoS protection.

Q395

A company needs secure automated data transfer between on-premises and AWS cloud. Which service should they use?

  • A AWS Direct Connect
  • B AWS S3 Transfer Acceleration
  • C Amazon QuickSight
  • D AWS CodeDeploy
Explanation: AWS Direct Connect provides a dedicated, secure connection for data transfer; S3 Transfer Acceleration speeds up uploads over the Internet, QuickSight visualizes data, and CodeDeploy automates application deployments.

Q396

What happens when you enable Multi-Factor Authentication (MFA) on an IAM user?

  • A It restricts all API access.
  • B User must provide a second factor.
  • C User's permissions are upgraded.
  • D It disables access key credentials.
Explanation: Enabling MFA requires the user to present a second authentication factor for access, but it does not restrict, upgrade permissions, or disable keys by default.

Q397

Which AWS service provides a unified view of security alerts?

  • A AWS Security Hub
  • B AWS CloudTrail
  • C AWS Shield
  • D AWS WAF
Explanation: AWS Security Hub aggregates security alerts, while the others serve different purposes.

Q398

A company needs to enforce multi-factor authentication for critical IAM users. What should be configured?

  • A IAM Policies
  • B IAM Roles
  • C MFA Devices
  • D Security Groups
Explanation: MFA devices ensure an additional security layer, unlike the other options.

Q399

What happens when a security group is mistakenly configured with no rules?

  • A All inbound traffic is allowed
  • B All outbound traffic is denied
  • C No inbound or outbound traffic is allowed
  • D Only HTTPS traffic is allowed
Explanation: Security groups deny all traffic if no rules are configured, unlike other configurations.

Q400

Which service allows you to manage AWS access keys more securely?

  • A AWS Key Management Service
  • B AWS Secrets Manager
  • C AWS Identity Federation
  • D AWS CloudTrail
Explanation: AWS Secrets Manager securely stores and rotates access keys, while the others serve different security purposes.