Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.

Questions 71–80 of 486

Q71

You are configuring IAM policies for a new application. What is the most secure practice regarding permissions?

  • A Grant full access to all resources
  • B Use least privilege principle
  • C Assign admin permissions for all users
  • D Use wildcard for all resources
Explanation: Using least privilege limits access and reduces risk, whereas the other options grant excessive permissions and increase security vulnerabilities.

Q72

A company needs to enforce HTTPS on their S3 website. What must they configure?

  • A S3 bucket policy
  • B CNAME record
  • C CloudFront distribution
  • D S3 lifecycle policy
Explanation: Configuring CloudFront allows for HTTPS by using an SSL certificate, while S3 policies and lifecycle policies do not enforce HTTPS.

Q73

Which AWS service can automatically scale your applications based on traffic patterns?

  • A Amazon EC2 Auto Scaling
  • B AWS Direct Connect
  • C AWS Lambda
  • D Amazon S3
Explanation: Amazon EC2 Auto Scaling adjusts capacity automatically; the others provide different functionalities.

Q74

A company needs to manage access to resources based on user attributes. Which IAM feature should they implement?

  • A AWS Organizations
  • B IAM Policies
  • C Attribute-Based Access Control
  • D Service Control Policies
Explanation: Attribute-Based Access Control allows access management based on user attributes; the others are not based on attributes.

Q75

What happens when you delete a versioned object in S3?

  • A It is permanently deleted.
  • B It becomes a delete marker.
  • C It is archived to Glacier.
  • D Non-existent operations occur.
Explanation: A delete marker is created, which indicates the object is deleted without removing all versions; hence the other options are incorrect.

Q76

Which AWS service provides Threat Detection and Response?

  • A Amazon GuardDuty
  • B AWS Config
  • C AWS Shield
  • D Amazon Inspector
Explanation: Amazon GuardDuty is designed for threat detection; the others focus on compliance or vulnerability response.

Q77

A company needs to securely share documents within a VPC. Which service should they use?

  • A AWS S3
  • B AWS PrivateLink
  • C AWS WorkDocs
  • D AWS Transfer for SFTP
Explanation: AWS WorkDocs is built for document sharing; S3 is for storage, while Transfer and PrivateLink serve different use cases.

Q78

What happens when a maximum IAM role session duration is reached?

  • A Role is deleted
  • B Session expires
  • C Advisory alert issued
  • D No impact to resources
Explanation: The session expires once the maximum duration is reached; roles and alerts are unaffected.

Q79

Which AWS service provides centralized logging and monitoring of AWS accounts?

  • A AWS CloudTrail
  • B AWS Config
  • C Amazon S3
  • D AWS Lambda
Explanation: AWS CloudTrail records AWS API calls for auditing, while the others serve different purposes.

Q80

A company needs to restrict access to certain S3 buckets based on VPC. Which feature should they use?

  • A S3 Block Public Access
  • B VPC Endpoint Policies
  • C IAM Roles
  • D S3 Lifecycle Policies
Explanation: VPC Endpoint Policies limit access from specific VPCs, unlike the others.