Online SCS-C03 Practice TestMore Amazon-Web-Services Products >

Free Amazon-Web-Services SCS-C03 Exam Dumps Questions

Amazon-Web-Services SCS-C03: AWS Certified Security - Specialty

- Get instant access to SCS-C03 practice exam questions

- Get ready to pass the AWS Certified Security - Specialty exam right now using our Amazon-Web-Services SCS-C03 exam package, which includes Amazon-Web-Services SCS-C03 practice test plus an Amazon-Web-Services SCS-C03 Exam Simulator.

- The best online SCS-C03 exam study material and preparation tool is here.

4.5

(10230 ratings)

Question 2

A company uses AWS IAM Identity Center to manage access to its AWS accounts. The accounts are in an organization in AWS Organizations. A security engineer needs to set up delegated administration of IAM Identity Center in the organization??s management account.
Which combination of steps should the security engineer perform in IAM Identity Center before configuring delegated administration? (Select THREE.)

A. Grant least privilege access to the organization's management account.

B. Create a new IAM Identity Center directory in the organization's management account.

C. Set up a second AWS Region in the organization??s management account.

D. Create permission sets for use only in the organization's management account.

E. Create IAM users for use only in the organization's management account.

F. Create user assignments only in the organization's management account.

Correct Answer:BDF

Question 3

A company is using AWS CloudTrail and Amazon CloudWatch to monitor resources in an AWS account. The company??s developers have been using an IAM role in the account for the last 3 months.
A security engineer needs to refine the customer managed IAM policy attached to the role to ensure that the role provides least privilege access.
Which solution will meet this requirement with the LEAST effort?

A. Implement AWS IAM Access Analyzer policy generation on the role.

B. Implement AWS IAM Access Analyzer policy validation on the role.

C. Search CloudWatch logs to determine the actions the role invoked and to evaluate the permissions.

D. Use AWS Trusted Advisor to compare the policies assigned to the role against AWS best practices.

Correct Answer:A

Question 4

A company experienced a security incident caused by a vulnerable container image that was pushed from an external CI/CD pipeline into Amazon ECR.
Which solution will prevent vulnerable images from being pushed?

A. Enable ECR enhanced scanning with Lambda blocking.

B. Use Amazon Inspector with EventBridge and Lambda.

C. Integrate Amazon Inspector into the CI/CD pipeline using SBOM generation and fail the pipeline on critical findings.

D. Enable basic continuous ECR scanning.

Correct Answer:C

Question 5

A company has a PHP-based web application that uses Amazon S3 as an object store for user files. The S3 bucket is configured for server-side encryption with Amazon S3 managed keys (SSE-S3). New requirements mandate full control of encryption keys.
Which combination of steps must a security engineer take to meet these requirements? (Select THREE.)

A. Create a new customer managed key in AWS Key Management Service (AWS KMS).

B. Change the SSE-S3 configuration on the S3 bucket to server-side encryption with customer-provided keys (SSE-C).

C. Configure the PHP SDK to use the SSE-S3 key before upload.

D. Create an AWS managed key for Amazon S3 in AWS KMS.

E. Change the SSE-S3 configuration on the S3 bucket to server-side encryption with AWS KMS managed keys (SSE-KMS).

F. Change all the S3 objects in the bucket to use the new encryption key.

Correct Answer:AEF

Question 6

A security engineer configured VPC Flow Logs to publish to Amazon CloudWatch Logs. After 10 minutes, no logs appear. The issue is isolated to the IAM role associated with VPC Flow Logs.
What could be the reason?

A. logs:GetLogEvents is missing.

B. The engineer cannot assume the role.

C. The vpc-flow-logs.amazonaws.com principal cannot assume the role.

D. The role cannot tag the log stream.