Free Amazon SCS-C02 Exam Questions
Try our Free Demo Practice Tests for Comprehensive SCS-C02 Exam Preparation
-
Amazon SCS-C02 Exam Questions
-
Provided By: Amazon
- Exam: AWS Certified Security Specialty
- Certification: AWS Certified Specialty
-
Total Questions: 522
-
Updated On: Feb 14, 2025
-
Rated: 4.9 |
-
Online Users: 1044
-
Question 1
-
A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions. What is the SIMPLEST way to meet these requirements?
Answer: C
-
-
Question 2
-
A company purchased a subscription to a third-party cloud security scanning solution that integrates with AWS Security Hub. A security engineer needs to implement a solution that will remediate the findings from the third-party scanning solution automatically. Which solution will meet this requirement?
Answer: A
-
-
Question 3
-
A company has a group of Amazon EC2 instances in a private subnet that does not have a NAT gateway attached. A security engineer needs to capture logs from an application and collect the log files in Amazon CloudWatch Logs.Which steps should the security engineer take to securely meet the requirements? (Select TWO.)
Answer: A,C
-
-
Question 4
-
A company wants to start processing sensitive data on Amazon EC2 instances. The company will use
Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances.
The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a
solution that prevents the developers from viewing the sensitive data The solution must automatically apply to
any new log groups that are created in the account in the future.
Which solution will meet these requirements?
Answer: A
-
A company wants to start processing sensitive data on Amazon EC2 instances. The company will use
Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances.
The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a
solution that prevents the developers from viewing the sensitive data The solution must automatically apply to
any new log groups that are created in the account in the future.
Which solution will meet these requirements?
-
Question 5
-
A security engineer is investigating a malware infection that has spread across a set of Amazon EC2
instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and
control hosts on the internet.
The security engineer creates a network ACL rule that denies the identified outbound traffic. The security
engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify
any EC2 instances that are trying to communtcate on TCP port 2905.
Which solution will identify the affected EC2 instances with the LEAST operational effort?
Answer: B
-
A security engineer is investigating a malware infection that has spread across a set of Amazon EC2
instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and
control hosts on the internet.
The security engineer creates a network ACL rule that denies the identified outbound traffic. The security
engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify
any EC2 instances that are trying to communtcate on TCP port 2905.
Which solution will identify the affected EC2 instances with the LEAST operational effort?