Instant Access Amazon.SCS-C01.v2023-08-21.q586 Actual Practice Test Engine for Free (Page 20)

Question 91

A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour.
The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior.
How can the Security Engineer address the issue?

A.Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed
B.Add the FTP server to a trusted IP list and deploy it to GuardDuty to stop receiving the notifications
C.Use GuardDuty filters with auto archiving enabled to close the findings
D.Create an AWS Lambda function that closes the finding whenever a new occurrence is reported

Question 92

To meet regulatory requirements, a Security Engineer needs to implement an IAM policy that restricts the use of IAM services to the us-east-1 Region.
What policy should the Engineer implement?

A.Option B
B.Option C
C.Option A
D.Option D

Question 93

An ecommerce website was down for 1 hour following a DDoS attack Users were unable to connect to the website during the attack period. The ecommerce company's security team is worried about future potential attacks and wants to prepare for such events The company needs to minimize downtime in its response to similar attacks in the future.
Which steps would help achieve this9 (Select TWO )

A.Set up an Amazon CloudWatch Events rule to monitor the AWS CloudTrail events in real time use AWS Config rules to audit the configuration, and use AWS Systems Manager for remediation.
B.Use AWS WAF to create rules to respond to such attacks
C.Use VPC Flow Logs to monitor network: traffic and an AWS Lambda function to automatically block an attacker's IP using security groups.
D.Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack.
E.Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.

Question 94

A security team is creating a response plan in the event an employee executes unauthorized actions on AWS infrastructure. They want to include steps to determine if the employee's 1AM permissions changed as part of the incident.
What steps should the team document in the plan?
Please select:

A.Use AWS Config to examine the employee's 1AM permissions prior to the incident and compare them to the employee's current 1AM permissions.
B.Use Made to examine the employee's 1AM permissions prior to the incident and compare them to the employee's A current 1AM permissions.
C.Use CloudTrail to examine the employee's 1AM permissions prior to the incident and compare them to the employee's current 1AM permissions.
D.Use Trusted Advisor to examine the employee's 1AM permissions prior to the incident and compare them to the employee's current 1AM permissions.

Question 95

Your company hosts critical data in an S3 bucket. There is a requirement to ensure that all data is encrypted.
There is also metadata about the information stored in the bucket that needs to be encrypted as well. Which of the below measures would you take to ensure that the metadata is encrypted?
Please select:

A.Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server side encryption.
B.Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server KMS encryption.
C.Put the metadata in a DynamoDB table and ensure the table is encrypted during creation time.
D.Put thp metadata in thp S3 hurkpf itself.

Question 91

Question 92

Question 93

Question 94

Question 95

Download PDF File