×

Special Offer! November Sale at DumpsCity! Get 20% Off on All Certification Exam Questions. Use Code: DC20OFF

Email Us [email protected]
LOG IN SIGN UP 0

Free Amazon SCS-C02 Exam Questions

Try our Free Demo Practice Tests for Comprehensive SCS-C02 Exam Preparation

  • Amazon SCS-C02 Exam Questions
  • Provided By: Amazon
  • Exam: AWS Certified Security Specialty
  • Certification: AWS Certified Specialty
  • Total Questions: 481
  • Updated On: Nov 11, 2024
  • Rated: 4.9 |
  • Online Users: 962
Page No. 1 of 97
   
Add To Cart
  • Question 1

    • A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain. What should the security engineer do to resolve this error?


      Answer: C
  • Question 2

    • A company has an encrypted Amazon Aurora DB cluster in the us-east-1 Region. The DB cluster is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. To meet compliance requirements, the company needs to copy a DB snapshot to the us-west-1 Region. However, when the company tries to copy the snapshot to us-west-1 the company cannot access the key that was used to encrypt the original database. What should the company do to set up the snapshot in us-west-1 with proper encryption?


      Answer: B
  • Question 3

    • A company has hundreds of AWS accounts in an organization in AWS Organizations. The company operates out of a single AWS Region. The company has a dedicated security tooling AWS account in the organization. The security tooling account is configured as the organization's delegated administrator for Amazon GuardDuty and AWS Security Hub. The company has configured the environment to automatically enable GuardDuty and Security Hub for existing AWS accounts and new AWS accounts. The company is performing control tests on specific GuardDuty findings to make sure that the company's security team can detect and respond to security events. The security team launched an Amazon EC2 instance and attempted to run DNS requests against a test domain, example.com, to generate a DNS finding. However, the GuardDuty finding was never created in the Security Hub delegated administrator account. Why was the finding was not created in the Security Hub delegated administrator account?


      Answer: C
  • Question 4

    • A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted. Which S3 bucket policy will meet this requirement?


      Answer: B
  • Question 5
    • A developer is attempting to access an Amazon S3 bucket in a member account in AWS Organizations. The developer is logged in to the account with user credentials and has received an access denied error with no bucket listed. The developer should have read-only access to all buckets in the account.
      A security engineer has reviewed the permissions and found that the developer's IAM user has been granted read-only access to all S3 buckets in the account.
      Which additional steps should the security engineer take to troubleshoot the issue? (Select TWO.)

      Answer: A,B
PAGE: 1 - 97
   
Add To Cart

© Copyrights Dumpscity 2024. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.