Amazon AWS

AWS Certified Security – Specialty

SCS-C03

The AWS Certified Security – Specialty (SCS-C03) exam tests your skills in securing AWS environments. It is designed for security professionals looking to validate their expertise in AWS security.


Questions 81–90 of 486

Q81

What happens when an AWS IAM user is deleted?

  • A User's permissions are revoked instantly.
  • B User can still access resources.
  • C Delete all user access keys.
  • D User must be recreated to regain access.
Explanation: Deleting an IAM user revokes all associated permissions immediately.
Q82

Which service provides real-time AWS CloudTrail log monitoring and alerting?

  • A Amazon GuardDuty
  • B AWS Config
  • C AWS CloudTrail
  • D AWS CloudWatch
Explanation: Amazon GuardDuty detects suspicious activity and does real-time monitoring of CloudTrail logs, while the others do not specialize in this.
Q83

A company needs to ensure security compliance for access to its S3 buckets. Which feature should it implement?

  • A Bucket Versioning
  • B Bucket Policies
  • C Public Access Block
  • D Cross-Region Replication
Explanation: Bucket Policies enforce compliance by managing access permissions, while the others provide utility but not direct compliance controls.
Q84

What happens when an EC2 instance's IAM role is removed while it is running?

  • A Instantly loses all access rights
  • B Retains access until reboot
  • C Access rights remain unchanged
  • D Access rights only lost for new requests
Explanation: Removing the IAM role causes the instance to lose permissions for any new requests, but it retains existing access in session until then.
Q85

Which AWS service provides the capability to manage user identities and permissions?

  • A AWS IAM
  • B Amazon RDS
  • C AWS Lambda
  • D Amazon S3
Explanation: AWS IAM is designed for managing user identities and permissions; the others focus on data management or serverless functions.
Q86

A company needs to ensure confidential data is encrypted both at rest and in transit. Which approach should they take?

  • A Use S3's default encryption only.
  • B Implement SSL/TLS and use KMS.
  • C Only encrypt databases at rest.
  • D Use IAM roles for encryption.
Explanation: Implementing SSL/TLS and using KMS ensures encryption both at rest and in transit, while the other options are either insufficient or restrict encryption capabilities.
Q87

What happens when a security group associated with an EC2 instance does not allow inbound traffic?

  • A Traffic is accepted.
  • B Traffic is blocked by default.
  • C Traffic is logged.
  • D Traffic is routed elsewhere.
Explanation: Security groups block inbound traffic unless explicitly allowed; the other options misrepresent how security groups operate.
Q88

Which service offers centralized logging across AWS accounts?

  • A AWS CloudTrail
  • B Amazon S3
  • C AWS Config
  • D Amazon CloudWatch
Explanation: AWS CloudTrail records and centralizes account activity, while the others focus on storage, compliance, or metrics.
Q89

A company needs to apply strong password policies across its AWS account. Which AWS service should they use?

  • A AWS Organizations
  • B AWS IAM
  • C AWS Shield
  • D Amazon Inspector
Explanation: AWS IAM allows you to enforce password policies, while the others do not manage password settings.
Q90

What happens when you configure an S3 bucket policy allowing access to 'Everyone'?

  • A Only authenticated users can access.
  • B Data becomes publicly accessible.
  • C Access is denied for all users.
  • D Policy is ignored by S3.
Explanation: Allowing access to 'Everyone' makes the bucket public, whereas the other options either misunderstand or misrepresent access settings.