Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 471–480 of 486

Q471

What happens when an IAM user tries to access a resource without the required permissions?

  • A Access is granted by default.
  • B Access is denied.
  • C User is logged out.
  • D Access is granted with warnings.

Explanation: AWS IAM implements deny by default, ensuring access is denied if permissions are not explicitly granted.

Q472

Which service provides centralized logging of AWS API calls?

  • A AWS CloudTrail
  • B Amazon CloudWatch
  • C AWS Config
  • D AWS IAM

Explanation: CloudTrail logs API calls, while CloudWatch monitors metrics, Config tracks resource changes, and IAM manages permissions.

Q473

A company needs to ensure that a critical web application can recover quickly in case of a disaster. What AWS feature should they leverage?

  • A AWS Snowball
  • B AWS Elastic Beanstalk
  • C AWS Backup
  • D Amazon Route 53

Explanation: AWS Backup automates backups for quick recovery; Snowball is for data transfer, Elastic Beanstalk deploys apps, and Route 53 manages DNS.

Q474

You are configuring security for an S3 bucket. What happens when you set the bucket policy to 'Allow' all actions to 'Everyone'?

  • A Only authenticated users can access.
  • B Bucket is publicly accessible.
  • C No changes can be made.
  • D Only admins can upload.

Explanation: The policy makes the bucket publicly accessible, while A restricts access, C prevents all changes, and D limits uploads.

Q475

Which service allows you to automate compliance checks in AWS resources?

  • A AWS Config
  • B AWS Shield
  • C AWS WAF
  • D Amazon Inspector

Explanation: AWS Config monitors and evaluates AWS resource configurations against compliance rules, while the others focus on security protection and assessments.

Q476

A company needs to securely share files between its S3 buckets across different AWS accounts. What solution should they implement?

  • A Bucket Policy
  • B IAM Role
  • C Resource Access Manager
  • D Access Control List

Explanation: Bucket Policies are used to define permissions for accessing buckets across accounts, while IAM roles and ACLs do not serve this purpose effectively.

Q477

What happens when an AWS KMS key is deleted but still associated with an active resource?

  • A The resource will become unusable
  • B The key can be recovered after deletion
  • C The key is permanently lost
  • D The resource automatically uses a different key

Explanation: Deleting a KMS key renders encrypted resources unusable, while the other options incorrectly suggest recovery or seamless switching.

Q478

Which service provides fine-grained access control for application resources?

  • A AWS Identity and Access Management (IAM)
  • B Amazon S3
  • C AWS Key Management Service (KMS)
  • D Amazon CloudFront

Explanation: IAM allows users to create policies for fine-grained control, while the others manage resources.

Q479

A company needs to manage an encryption key lifecycle. Which AWS service should they use?

  • A AWS CloudTrail
  • B AWS Key Management Service (KMS)
  • C Amazon RDS
  • D AWS Secrets Manager

Explanation: AWS KMS is specifically designed for key management, unlike the others.

Q480

What happens when a user exceeds their EC2 service limits?

  • A Their instances are terminated immediately.
  • B No new instances will launch.
  • C All running instances are stopped.
  • D Service is automatically upgraded.

Explanation: New instances cannot be launched if limits are exceeded; existing ones remain unaffected.