Questions & Answers PDF
For More Information: https://www.certswarrior.com/

Amazon SCS-C02
AWS Certified Security - Specialty
Visit us at https://www.certswarrior.com/exam/scs-c02/

Latest Version: 6.0

Question: 1
Which of the following security policies are NOT written in JSON format?
Response:
A. AWS IAM identity-based policies
B. AWS KMS key policies
C. AWS Organizational Service Control Policies
D. AWS Amazon S3 ACLs
Answer: D

Question: 2
AWS Security Hub integrates smoothly with which AWS Service? (Choose two.)
Response:
A. AWS Config
B. Amazon GuardDuty
C. Amazon Macie
D. AWS KMS
Answer: BC

Question: 3
You are experiencing an increase in the level of attacks across multiple different AWS accounts against your applications from the internet. This includes XSS and SQL injection attacks. As the security architect for your organization, you are responsible for implementing a solution to help reduce and minimize these threats. Which AWS services should you implement to help protect against these attacks? (Choose two.)
Response:
A. AWS Shield
B. AWS Firewall Manager
C. AWS Web Application Firewall
D. AWS Secrets Manager
E. AWS Systems Manager
Answer: BC

Question: 4
A company is hosting a web application on AWS and is using an Amazon S3 bucket to store images. Users should have the ability to read objects in the bucket. A Security Engineer has written the following bucket policy to grant public read access:

Attempts to read an object, however, receive the error: "Action does not apply to any resource(s) in statement."
What should the Engineer do to fix the error?
Response:
A. Change the IAM permissions by applying PutBucketPolicy permissions.
B. Verify that the policy has the same name as the bucket name. If not, make it the same.
C. Change the resource section to "arn:aws:s3:::appbucket/*".
D. Add an s3:ListBucket action.
Answer: C

Question: 5
A Security Engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years. Which steps must be taken to meet the retention needs in a scalable, cost-effective way?
Response:
A. Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket with versioning enabled. Set a lifecycle policy to move the data to Amazon Glacier daily, and expire the data after 90 days.
B. Enable AWS CloudTrail logging across all accounts to S3 buckets. Set a lifecycle policy to expire the data in each bucket after 7 years.
C. Enable AWS CloudTrail logging across all accounts to Amazon Glacier. Set a lifecycle policy to expire the data after 7 years.
D. Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket. Set a lifecycle policy to move the data to Amazon Glacier after 90 days, and expire the data after 7 years.
Answer: D

Question: 6
How can you enhance the security of your AWS CloudTrail logs? (Choose two.)
Response:
A. Encrypt log files using CSE-KMS.
B. Enable log file verification.
C. Encrypt log files using SSE-KMS.
D. Enable log file validation.
Answer: CD

Question: 7
Amazon GuardDuty works seamlessly with which AWS services? (Choose two.)
Response:
A. Amazon EC2
B. AWS CloudTrail
C. Amazon S3
D. Amazon VPC flow logs
E. Amazon CloudWatch
Answer: BD

Question: 8
Which of the following is NOT considered a security best practice?
Response:
A. Enable Multi-Factor Authentication (MFA).
B. Remove the root account access keys.
C. Associate IAM users with a single resource-based policy.
D. Enable AWS CloudTrail.
Answer: C

Question: 9
You are being audited by an external auditor against PCI-DSS, who is accessing your solutions that utilize AWS. You have been asked to provide evidence that certain controls are being met against infrastructure that is maintained by AWS. What is the best way to provide this evidence?
Response:
A. Contact your AWS account management team, asking them to speak with the auditor.
B. As a customer, you have no control over the AWS infrastructure or if it meets certain compliance programs.
C. Use AWS Auditing to download the appropriate compliance reports.
D. Use AWS Artifact to download the appropriate compliance records.
Answer: D

Question: 10
Which is NOT a method of installing the Amazon Inspector agent?
Response:
A. A manual install via a script being run on the instance
B. Using the Run command from within System Manager
C. Installing the agent as a part of the initial assessment when defining your target
D. Using an Amazon AMI that already has the agent installed
E. Using the Deploy command from AWS Security Hub
Answer: D