Amazon - Limited Time Discount Offer - Ends In 00:00:00 Coupon code: 30OFF
  1. Home
  2. Amazon
  3. SCS-C01 Exam

Free SCS-C01 Questions for Amazon SCS-C01 Exam as PDF & Practice Test Software

Page:    1 / 14   
Total 534 questions

Question 1

A development team is using an AWS Key Management Service (AWS KMS) CMK to try to encrypt and decrypt a secure string parameter from AWS Systems Manager Parameter Store. However, the development team receives an error message on each attempt.

Which issues that are related to the CMK could be reasons for the error? (Select TWO.)



Answer : A, D

Question 2

A company wants to monitor the deletion of customer managed CMKs A security engineer must create an alarm that will notify the company before a CMK is deleted The security engineer has configured the integration of AWS CloudTrail with Amazon CloudWatch

What should the security engineer do next to meet this requirement?

Within AWS Key Management Service (AWS KMS} specify the deletion time of the key material during CMK creation AWS KMS will automatically create a CloudWatch.

Create an amazon Eventbridge (Amazon CloudWatch Events) rule to look for API calls of DeleteAlias Create an AWS Lamabda function to send an Amazon Simple Notification Service (Amazon SNS) messages to the company Add the Lambda functions as the target of the Eventbridge (CloudWatch Events) rule.

Create an Amazon EventBridge (Amazon CloudWath Events) rule to look for API calls of DisableKey and ScheduleKeyDelection. Create an AWS Lambda function to generate the alarm and send the notification to the company. Add the lambda function as the target of the SNS policy.



Answer : A

Question 3

A company is hosting a static website on Amazon S3 The company has configured an Amazon CloudFront distribution to serve the website contents The company has associated an AWS WAF web ACL with the CloudFront distribution. The web ACL ensures that requests originate from the United States to address compliance restrictions.

THE company is worried that the S3 URL might still be accessible directly and that requests can bypass the CloudFront distribution

Which combination of steps should the company take to remove direct access to the S3 URL? (Select TWO. )



Answer : A, D

Question 4

A company's security team is building a solution for logging and visualization. The solution will assist the company with the large variety and velocity of data that it receives from AWS across multiple accounts. The security team has enabled AWS CloudTrail and VPC Flow Logs in all of its accounts In addition, the company has an organization in AWS Organizations and has an AWS Security Hub master account.

The security team wants to use Amazon Detective However the security team cannot enable Detective and is unsure why

What must the security team do to enable Detective?



Answer : D

Question 5

An application team wants to use AWS Certificate Manager (ACM) to request public certificates to ensure that data is secured in transit. The domains that are being used are not currently hosted on Amazon Route 53

The application team wants to use an AWS managed distribution and caching solution to optimize requests to its systems and provide better points of presence to customers The distribution solution will use a primary domain name that is customized The distribution solution also will use several alternative domain names The certificates must renew automatically over an indefinite period of time

Which combination of steps should the application team take to deploy this architecture? (Select THREE.)



Answer : C, D, F

Question 6

A security engineer needs to create an AWS Key Management Service

Which statement in the KMS key policy will meet these requirements?

A)

B)

C)



Answer : C

Page:    1 / 14   
Total 534 questions