Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

486 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 481–486 of 486

Q481

Which AWS service can automatically refresh SSL certificates?

  • A AWS Certificate Manager
  • B Amazon CloudFront
  • C AWS Key Management Service
  • D Amazon Route 53
Explanation AWS Certificate Manager automates SSL certificate management, whereas others do not focus on certificate refresh.
Q482

A company needs to prevent data loss in S3 due to accidental deletions. What should they enable?

  • A S3 Transfer Acceleration
  • B S3 Versioning
  • C S3 Object Lifecycle Policies
  • D S3 Cross-Region Replication
Explanation S3 Versioning retains all versions of an object, preventing loss, whereas the others do not provide maximum protection against deletions.
Q483

You are configuring IAM policies. What happens when a user’s permissions are defined by conflicting policies?

  • A The most permissive policy wins
  • B Access is denied due to conflict
  • C Access is granted by default
  • D A new merged policy is created
Explanation When there are conflicting permissions, access is denied until clarified, as IAM policies default to deny in conflicts.
Q484

Which service simplifies managing encryption keys for AWS resources?

  • A AWS Key Management Service
  • B Amazon RDS
  • C AWS CloudTrail
  • D Amazon SNS
Explanation AWS Key Management Service (KMS) is designed for managing encryption keys, while the others serve different purposes.
Q485

A company needs to ensure that EC2 instances cannot be accessed via the internet. What configuration should they implement?

  • A Use Public IPs for EC2
  • B Create a VPC with no Internet Gateway
  • C Configure EC2 Security Group rules
  • D Attach an Elastic IP to instances
Explanation Creating a VPC without an Internet Gateway ensures no internet access, whereas the other options would allow some form of external access.
Q486

What happens when you revoke permissions from an IAM user but they have active sessions from a previously granted policy?

  • A Immediate access revocation
  • B Access remains until session duration ends
  • C Permissions are deleted in seconds
  • D User cannot log in anymore
Explanation Revocation does not affect active sessions until their duration expires; the user retains access until then, unlike immediate revocation depicted in other options.