Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 421–430 of 486

Q421

Which AWS service provides DDoS protection?

  • A AWS Shield
  • B AWS WAF
  • C Amazon CloudFront
  • D AWS Firewall Manager
Explanation AWS Shield specifically provides DDoS protection, while the others serve different security functions.
Q422

You are configuring IAM policies. What is a key principle to enforce?

  • A Admin permissions for all users
  • B Least privilege access
  • C Full access to trusted services
  • D Using wildcard '*' for resources
Explanation Least privilege access minimizes the risk of unauthorized actions, while the others would increase security risk.
Q423

What happens when you create an Amazon S3 bucket with public access enabled?

  • A All objects are public automatically
  • B Bucket policies are ignored
  • C Public access is restricted overall
  • D Only specific objects can be public
Explanation Enabling public access allows all objects to be accessed publicly unless restricted by individual object permissions.
Q424

Which service provides protection against DDoS attacks?

  • A AWS Shield
  • B AWS WAF
  • C Amazon CloudFront
  • D Amazon Route 53
Explanation AWS Shield specifically provides DDoS protection, unlike the others.
Q425

A company needs to control user access to specific S3 buckets. Which approach should they take?

  • A Bucket Policies
  • B CloudFormation
  • C IAM Groups
  • D EC2 Roles
Explanation Bucket Policies directly manage access to S3 buckets.
Q426

What happens when an IAM user exceeds their permission boundaries?

  • A Access is blocked
  • B Permissions are expanded
  • C User is locked
  • D New roles are created
Explanation Exceeding permission boundaries blocks access to specific actions.
Q427

Which service helps manage and monitor AWS configurations?

  • A AWS Config
  • B AWS CloudTrail
  • C AWS Shield
  • D AWS Lambda
Explanation AWS Config assesses and monitors configuration changes, while others serve different purposes.
Q428

A company needs to automate the deployment of infrastructure securely. Which AWS service should they use?

  • A AWS CloudFormation
  • B Amazon EC2
  • C AWS CodeDeploy
  • D AWS Secrets Manager
Explanation AWS CloudFormation automates infrastructure as code deployments; the others do not serve the same purpose.
Q429

You are configuring a VPC security group. What happens when you allow inbound traffic on port 80?

  • A HTTP traffic is allowed
  • B HTTPS traffic is allowed
  • C All outbound traffic is blocked
  • D SSH access is enabled
Explanation Allowing inbound traffic on port 80 permits HTTP traffic specifically, while others misinterpret the actions on ports.
Q430

Which AWS service provides a secure connection to external identities for authentication?

  • A AWS IAM
  • B Amazon Cognito
  • C AWS Shield
  • D AWS CloudTrail
Explanation Amazon Cognito integrates with external identities for user authentication, while the others serve different functions.