Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 461–470 of 486

Q461

A company needs to encrypt data in transit for its S3 bucket. What is the best practice?

  • A Use server-side encryption
  • B Use client-side encryption
  • C Use HTTPS for access
  • D Configure a VPN

Explanation: HTTPS encrypts data in transit; others address storage encryption.

Q462

You are configuring IAM roles for an EC2 instance. What happens if the instance loses its IAM role?

  • A It cannot connect to the internet
  • B It loses access to AWS services
  • C It terminates automatically
  • D It sends alerts to admins

Explanation: Losing the IAM role revokes permissions; others are not accurate implications.

Q463

Which AWS service enables DDoS mitigation for web applications?

  • A AWS Shield
  • B Amazon GuardDuty
  • C AWS Inspector
  • D AWS WAF

Explanation: AWS Shield is specifically designed for DDoS protection, while the others serve different security purposes.

Q464

A company's compliance requirements mandate logging every API request. Which service should they enable?

  • A AWS CloudTrail
  • B Amazon CloudWatch
  • C AWS Config
  • D AWS Secrets Manager

Explanation: AWS CloudTrail records API calls for compliance, unlike the other services which focus on different aspects of monitoring or configuration.

Q465

You are configuring a security group for an EC2 instance. What is the effect of allowing incoming traffic on TCP port 22?

  • A SSH access is permitted
  • B FTP access is granted
  • C SCP access is allowed
  • D RDP can be used

Explanation: Allowing TCP port 22 enables SSH access; the other options are incorrect protocols or ports.

Q466

Which AWS service provides a globally distributed content delivery network?

  • A AWS CloudFormation
  • B Amazon CloudFront
  • C AWS Glue
  • D Amazon S3

Explanation: Amazon CloudFront is specifically designed for content delivery, unlike the other services listed.

Q467

A company needs to implement fine-grained access control for their AWS resources. Which service should they use?

  • A AWS IAM
  • B AWS KMS
  • C AWS Shield
  • D AWS Config

Explanation: AWS IAM allows for detailed policy creation for resource access, which the other services do not focus on.

Q468

What happens when an IAM role is assumed by an AWS service?

  • A The role is permanently deleted
  • B Security policies are bypassed
  • C Temporary credentials are provided
  • D Resources are encrypted automatically

Explanation: When an IAM role is assumed, temporary credentials are issued to the service, while the other options reflect incorrect interpretations of IAM functionalities.

Q469

Which AWS service enables compliance auditing for user activities?

  • A AWS CloudTrail
  • B Amazon GuardDuty
  • C AWS Config
  • D Amazon Inspector

Explanation: AWS CloudTrail records user activity for auditing, while the others serve different security functions.

Q470

A company needs to secure data in transit between their on-premises network and AWS. What should they implement?

  • A AWS Direct Connect
  • B VPN Gateway
  • C AWS Storage Gateway
  • D AWS Shield

Explanation: A VPN Gateway encrypts data in transit, while Direct Connect focuses on bandwidth without encryption.