Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 451–460 of 486

Q451

A company needs to securely share S3 bucket data with multiple partners. Which feature should they use?

  • A IAM Roles
  • B Bucket Policies
  • C AWS Policy Simulator
  • D Access Control Lists
Explanation: Bucket Policies allow for fine-grained permissions across AWS accounts; IAM Roles can't be used directly for bucket-level access control.

Q452

What happens when you enable MFA (Multi-Factor Authentication) on an IAM user?

  • A Roles are disabled
  • B Increased data throughput
  • C Additional security layer added
  • D Limited access hours defined
Explanation: MFA adds a necessary second factor for authentication, increasing security; other options do not relate to MFA impact.

Q453

You are configuring a VPC with several subnets. What is a key reason for placing resources in private subnets?

  • A Automatic scaling
  • B Enhanced security of resources
  • C Direct internet access
  • D Simplified management
Explanation: Private subnets enhance security by restricting direct internet access; other options do not provide security benefits.

Q454

Which service provides a managed encryption key service?

  • A AWS Key Management Service
  • B AWS Certificate Manager
  • C AWS CloudHSM
  • D AWS Secrets Manager
Explanation: AWS Key Management Service allows for managed encryption key creation and management, while the others serve different purposes.

Q455

A company needs to restrict access to its S3 bucket for an application running only within a specific VPC. What should you implement?

  • A Bucket policy with VPC conditions
  • B Public access block
  • C S3 Transfer Acceleration
  • D IP address whitelisting
Explanation: A bucket policy with VPC conditions can restrict access based on VPC, unlike the other options, which don't provide this specific functionality.

Q456

What happens when an S3 bucket policy allows anonymous write access?

  • A Everyone can upload files to it
  • B Access is denied to all users
  • C Only IAM users can upload files
  • D Upload size is limited
Explanation: Anonymous write access means anyone can upload files, which poses significant security risks compared to the other options.

Q457

Which AWS service helps in securely storing secrets?

  • A AWS Secrets Manager
  • B AWS CloudTrail
  • C AWS Config
  • D AWS CloudWatch
Explanation: AWS Secrets Manager is designed specifically for storing secrets, while others serve different purposes.

Q458

A company needs to restrict network access to its EC2 instances and uses Security Groups. What happens if a new Security Group rule is added to allow inbound traffic on port 80?

  • A Existing rules are removed automatically
  • B All inbound traffic is denied
  • C Traffic on port 80 is allowed
  • D Instances are automatically exposed on the internet
Explanation: Adding a rule for port 80 allows HTTP traffic while keeping other rules intact.

Q459

You are configuring IAM roles for an application using AWS Lambda. What is an important principle to follow when assigning permissions?

  • A Assign full administrative access to Lambda
  • B Use the least privilege principle
  • C Allow public access for more flexibility
  • D Grant permissions based on user requests
Explanation: Using the least privilege principle minimizes security risks by granting only necessary permissions.

Q460

Which AWS service helps manage and automate security audits?

  • A AWS Security Hub
  • B AWS Inspector
  • C AWS CloudTrail
  • D AWS Config
Explanation: AWS Security Hub aggregates security findings; others focus on specific aspects of security.