×

Special Offer! Limited-Time Offer! Get 25% Off on All Certification Exams – Prepare & Pass with Confidence! Use Code:  DC25OFF  

Free Amazon SCS-C02 Exam Questions

Try our Free Demo Practice Tests for Comprehensive SCS-C02 Exam Preparation

  • Amazon SCS-C02 Exam Questions
  • Provided By: Amazon
  • Exam: AWS Certified Security Specialty
  • Certification: AWS Certified Specialty
  • Total Questions: 522
  • Updated On: Mar 28, 2025
  • Rated: 4.9 |
  • Online Users: 1044
Page No. 1 of 105
Add To Cart
  • Question 1
    • A company has two AWS accounts. One account is for development workloads. The other account is for production workloads. For compliance reasons the production account contains all the AWS Key Management. Service (AWS KMS) keys that the company uses for encryption. The company applies an IAM role to an AWS Lambda function in the development account to allow secure access to AWS resources. The Lambda function must access a specific KMS customer managed key that exists in the production account to encrypt the Lambda function's data. Which combination of steps should a security engineer take to meet these requirements? (Select TWO.) 


      Answer: B,E
  • Question 2
    • A company needs to delect unauthenticated access to its Amazon Elastic Kubernetes Service (Amazon EKS) clusters. The company needs a solution that requires no additional configuration ot the existing EKS deployment. Which solution will meet these requirements with the LEAST operational effort?

      Answer: D
  • Question 3
    • A security engineer is investigating a malware infection that has spread across a set of Amazon EC2 instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and control hosts on the internet. The security engineer creates a network ACL rule that denies the identified outbound traffic. The security engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify any EC2 instances that are trying to communtcate on TCP port 2905. Which solution will identify the affected EC2 instances with the LEAST operational effort?

      Answer: B
  • Question 4
    • A company wants to start processing sensitive data on Amazon EC2 instances. The company will use Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances. The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a solution that prevents the developers from viewing the sensitive data The solution must automatically apply to any new log groups that are created in the account in the future. Which solution will meet these requirements?

      Answer: A
  • Question 5
    • A company wants to start processing sensitive data on Amazon EC2 instances. The company will use Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances. The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a solution that prevents the developers from viewing the sensitive data The solution must automatically apply to any new log groups that are created in the account in the future. Which solution will meet these requirements?

      Answer: A
PAGE: 1 - 105
Add To Cart

© Copyrights Dumpscity 2025. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.