About

Tuesday, 9 June 2020

Amazon SCS-C01 Simulatios - Amazon SCS-C01 Real Exam Questions | Dumps4Download.com

Question: 1

The Security team believes that a former employee may have gained unauthorized access to AWS
resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have
done within AWS?
A. Use the AWS CloudTrail console to search for user activity.
B. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
C. Use AWS Config to see what actions were taken by the user.
D. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.

Answer: A 


Question: 2

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vaultlock
12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this?

A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
C. Update the policy, keeping the vault lock in place.
D. Update the policy and call initiate-vault-lock again to apply the new policy.

Answer: A

Question: 3

A company wants to control access to its AWS resources by using identities and groups that are
defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active
Directory user attributes?

A. AWS IAM groups
B. AWS IAM users
C. AWS IAM roles
D. AWS IAM access keys

Answer: C 

Question: 4

A company has contracted with a third party to audit several AWS accounts. To enable the audit,
cross-account IAM roles have been created in each account targeted for audit. The Auditor is having
trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)

A. The external ID used by the Auditor is missing or incorrect.
B. The Auditor is using the incorrect password.
C. The Auditor has not been granted sts:AssumeRole for the role in the destination account.
D. The Amazon EC2 role used by the Auditor must be set to the destination account role.
E. The secret key used by the Auditor is missing or incorrect.
F. The role ARN used by the Auditor is missing or incorrect.

Answer: ACF 

Question: 5

Compliance requirements state that all communications between company on-premises hosts and
EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their
communication, and EC2 instances need to be fronted by a load balancer for increased availability.
Which of the following solutions will meet these requirements?

A. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection
between the load balancer and the EC2 instances.
B. Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS
connection on the EC2 instances.
C. Create an HTTPS listener using an Application Load Balancer, and route all of the communication
through that load balancer.
D. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn and
SSL connection between the load balancer and the EC2 instances.

Answer: B 

Related Link:

0 comments:

Post a Comment

Don't Spam.

Step By Step Instructions To Get Achievement In Your Outcome For MS-500 Test

We have analyzed and investigated the need for understudies for the arrangement of their tests with the assistance of our esteemed specialis...