Free Amazon SCS-C01 Exam Dumps and SCS-C01 Exam Questions

Question No: 21

MultipleChoice

A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The Security team has the following requirements for the architecture:

* Data must be encrypted in transit.

* Data must be encrypted at rest.

* The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.

Which combination of steps would meet the requirements? (Choose two.)

Options

AEnable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.

BEnable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.

CAdd a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.

DAdd a bucket policy with aws:SourceIp to Allow uploads and downloads from the corporate intranet only.

EAdd a bucket policy that includes a deny if a PutObject request does not include s3:x-amz-server-side-encryption: 'aws:kms'.

FEnable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.

Question No: 22

MultipleChoice

You are designing a custom IAM policy that would allow uses to list buckets in S3 only if they are MFA authenticated. Which of the following would best match this requirement?

Options

AOption

BOption

COption

DOption

Question No: 23

MultipleChoice

Which of the following bucket policies will ensure that objects being uploaded to a bucket called 'demo' are encrypted.

Please select:

Options

AOption

BOption

COption

DOption

Question No: 24

MultipleChoice

A company's Director of information Security wants a daily email report from AWS that contains recommendations for each company account to meet AWS Security best practices

Which solution would meet these requirements?

Options

Ain every AWS account, configure AWS Lambda to query me AWS Support API tor AWS Trusted Advisor security checks Send the results from Lambda to an Amazon SNS topic to send reports.

BConfigure Amazon GuardDuty in a master account and invite all other accounts to be managed by the master account Use GuardDuty's integration with Amazon SNS to report on findings

CUse Amazon Athena and Amazon QuickSight to build reports off of AWS CloudTrail Create a daily Amazon CloudWatch trigger to run the report dally and email It using Amazon SNS

CUse AWS Artifact's prebuilt reports and subscriptions Subscribe the Director of Information Security to the reports by adding the Director as the security alternate contact tor each account

Question No: 25

MultipleChoice

A company's Security Engineer has been asked to monitor and report all AWS account root user activities

Which of the following would enable the Security Engineer to monitor and report all root user activities? (Select TWO)

Options

AConfiguring AWS Organizations to monitor root user API calls on the paying account

BCreating an Amazon CloudWatch Events rule that will trigger when any API call from the root user is reported

CConfiguring Amazon Inspector to scan the AWS account for any root user activity

DConfiguring AWS Trusted Advisor to send an email to the Security team when the root user logs in to the console

EUsing Amazon SNS to notify the target group

Question No: 26

MultipleChoice

A security engineer to ensure their company's uses of AWS meets AWS security best practices. As part of this, the AWS account root user must not be used for daily work. The root user must be monitored for use, and the Security team must be alerted as quickly as possible if the root user is used.

Which solution meets these requirements?

Options

ASet up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification.

BSet up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification logs from S3 and generate notifications using Amazon SNS.

CSet up a rule in AWS config to trigger root user events. Trigger an AWS Lambda function and generate notifications using Amazon SNS.

DUse Amazon Inspector to monitor the usage of the root user and generate notifications using Amazon SNS