×

Special Offer! Limited-Time Offer! Get 25% Off on All Certification Exams – Prepare & Pass with Confidence! Use Code:  DC25OFF  

Free Amazon SCS-C02 Exam Questions

Try our Free Demo Practice Tests for Comprehensive SCS-C02 Exam Preparation

  • Amazon SCS-C02 Exam Questions
  • Provided By: Amazon
  • Exam: AWS Certified Security Specialty
  • Certification: AWS Certified Specialty
  • Total Questions: 522
  • Updated On: Apr 23, 2025
  • Rated: 4.9 |
  • Online Users: 1044
Page No. 1 of 105
Add To Cart
  • Question 1
    • A security engineer has created an Amazon GuardDuty detector in several AWS accounts. The accounts are in an organization in AWS Organizations. The security engineer needs centralized visibility of the security findings from the detectors.

      Answer: C
  • Question 2
    • A security team is working on a solution that will use Amazon EventBridge (Amazon CloudWatch Events) to monitor new Amazon S3 objects. The solution will monitor for public access and for changes to any S3 bucket policy or setting that result in public access. The security team configures EventBridge to watch for specific API calls that are logged from AWS CloudTrail. EventBridge has an action to send an email notification through Amazon Simple Notification Service (Amazon SNS) to the security team immediately with details of the API call. Specifically, the security team wants EventBridge to watch for the s3:PutObjectAcl, s3:DeleteBucketPolicy, and s3:PutBucketPolicy API invocation logs from CloudTrail. While developing the solution in a single account, the security team discovers that the s3:PutObjectAcl API call does not invoke an EventBridge event. However, the s3:DeleteBucketPolicy API call and the s3:PutBucketPolicy API call do invoke an event. The security team has enabled CloudTrail for AWS management events with a basic configuration in the AWS Region in which EventBridge is being tested. Verification of the EventBridge event pattern indicates that the pattern is set up correctly. The security team must implement a solution so that the s3:PutObjectAcl API call will invoke an EventBridge event. The solution must not generate false notifications. Which solution will meet these requirements?


      Answer: D
  • Question 3
    • A company hosts business-critical applications on Amazon EC2 instances in a VPC. The VPC uses default DHCP options sets. A security engineer needs to log all DNS queries that internal resources make in the VPC. The security engineer also must create a list of the most common DNS queries over time. Which solution will meet these requirements?


      Answer: D
  • Question 4
    • A company needs to delect unauthenticated access to its Amazon Elastic Kubernetes Service (Amazon EKS) clusters. The company needs a solution that requires no additional configuration ot the existing EKS deployment. Which solution will meet these requirements with the LEAST operational effort?

      Answer: D
  • Question 5
    • A security engineer is investigating a malware infection that has spread across a set of Amazon EC2 instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and control hosts on the internet. The security engineer creates a network ACL rule that denies the identified outbound traffic. The security engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify any EC2 instances that are trying to communtcate on TCP port 2905. Which solution will identify the affected EC2 instances with the LEAST operational effort?

      Answer: B
PAGE: 1 - 105
Add To Cart

© Copyrights Dumpscity 2025. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.