Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 51–60 of 486

Q51

What happens when you enable S3 bucket versioning?

  • A Previous versions are deleted
  • B Storage costs increase
  • C Bucket becomes public
  • D Objects cannot be deleted
Explanation: Storage costs increase because multiple versions are stored; the other options are incorrect regarding the versioning mechanism.
Q52

Which AWS service helps in continuous security assessment?

  • A AWS Inspector
  • B AWS Shield
  • C AWS Config
  • D AWS WAF
Explanation: AWS Inspector automatically assesses applications for security vulnerabilities, while the others handle different aspects of security.
Q53

A company needs to control access to their S3 buckets while ensuring fine-grained permissions. What should they use?

  • A IAM Policies
  • B Bucket Policies
  • C Network ACLs
  • D Security Groups
Explanation: Bucket Policies directly enforce permissions on S3 resources, while IAM Policies provide broader user-based permissions.
Q54

What happens when an AWS Security Group is deleted?

  • A All associated instances are terminated
  • B The instances lose their firewall rules
  • C The rules are applied to new groups
  • D Resources are put into quarantine
Explanation: When a Security Group is deleted, associated instances lose their firewall rules, affecting inbound/outbound traffic.
Q55

Which AWS service helps you assess security vulnerabilities in your cloud environment?

  • A AWS Inspector
  • B AWS CloudTrail
  • C AWS Config
  • D AWS Shield
Explanation: AWS Inspector performs security assessments, while the others focus on logging or compliance monitoring.
Q56

A company uses Amazon S3 for data storage and wants to restrict access to certain IAM roles. What is the best approach?

  • A Bucket Policies
  • B EC2 Security Groups
  • C IAM User Groups
  • D Route 53 Permissions
Explanation: Bucket Policies directly control S3 access based on IAM roles, while the others aren't applicable in this context.
Q57

What happens when an IAM user is assigned permissions using both a policy and an explicit deny rule?

  • A Access is granted
  • B Access is denied
  • C Access is evaluated ignored
  • D Policies override denies
Explanation: Explicit deny rules always take precedence over allow permissions in IAM policies.
Q58

Which AWS service encrypts data at rest, using customer-managed keys?

  • A AWS Key Management Service (KMS)
  • B AWS Shield
  • C Amazon CloudWatch
  • D AWS CloudTrail
Explanation: AWS KMS manages encryption keys for data at rest, while the others serve different functions.
Q59

A company needs to ensure that all IAM user actions are logged. What should they enable?

  • A CloudTrail logging
  • B VPC Flow Logs
  • C AWS Config
  • D S3 Access Logs
Explanation: AWS CloudTrail logs API calls made by IAM users; the others track different resources or events.
Q60

What happens when an instance in a public subnet's security group allows port 22 but its network ACL denies inbound traffic on that port?

  • A Access is denied completely
  • B Access is allowed on port 22
  • C Traffic is logged by AWS
  • D Security groups override NACLs
Explanation: Network ACLs take precedence over security groups, thus denying access completely.