Instant Access Amazon.SCS-C01.v2023-08-21.q586 Actual Practice Test Engine for Free (Page 5)

Question 16

The Security Engineer created a new AWS Key Management Service (AWS KMS) key with the following key policy:

What are the effects of the key policy? (Choose two.)

A.The policy allows access for the AWS account 111122223333 to manage key access though IAM policies.
B.The policy allows all IAM users in account 111122223333 to have full access to the KMS key.
C.The policy allows the root user in account 111122223333 to have full access to the KMS key.
D.The policy allows the KMS service-linked role in account 111122223333 to have full access to the KMS key.
E.The policy allows all IAM roles in account 111122223333 to have full access to the KMS key.

Question 17

A recent security audit identified that a company's application team injects database credentials into the environment variables of an AWS Fargate task. The company's security policy mandates that all sensitive data be encrypted at rest and in transit.
When combination of actions should the security team take to make the application compliant within the security policy? (Select THREE)

A.Modify the application to pull credentials from the AWS Secrets Manager secret instead of the environment variables.
B.Create an AWS Secrets Manager secret and specify the key/value pairs to be stored in this secret
C.Store the credentials securely in a file in an Amazon S3 bucket with restricted access to the application team IAM role Ask the application team to read the credentials from the S3 object instead
D.Add the following statement to the container instance IAM role policy

Question 18

Your company has a requirement to monitor all root user activity by notification. How can this best be achieved? Choose 2 answers from the options given below. Each answer forms part of the solution Please select:

A.Create a Cloudwatch Events Rule s
B.Create a Cloudwatch Logs Rule
C.Use a Lambda function
D.Use Cloudtrail API call

Question 19

A Security Engineer is defining the logging solution for a newly developed product. Systems Administrators and Developers need to have appropriate access to event log files in AWS CloudTrail to support and troubleshoot the product.
Which combination of controls should be used to protect against tampering with and unauthorized access to log files? (Choose two.)

A.Ensure that all log files are stored on Amazon EC2 instances that allow SSH access from the internal corporate network only.
B.Ensure that all log files are written to at least two separate Amazon S3 buckets in the same account.
C.Ensure that the log file integrity validation mechanism is enabled.
D.Ensure that Systems Administrators and Developers can edit log files, but prevent any other access.
E.Ensure that Systems Administrators and Developers with job-related need-to-know requirements only are capable of viewing-but not modifying-the log files.

Question 20

For compliance reasons, an organization limits the use of resources to three specific AWS regions. It wants to be alerted when any resources are launched in unapproved regions.
Which of the following approaches will provide alerts on any resources launched in an unapproved region?

A.Use AWS Trusted Advisor to alert on all resources being created.
B.Analyze Amazon CloudWatch Logs for activities in unapproved regions.
C.Monitor Amazon S3 Event Notifications for objects stored in buckets in unapproved regions.
D.Develop an alerting mechanism based on processing AWS CloudTrail logs.

Question 16

Question 17

Question 18

Question 19

Question 20

Download PDF File