Amazon Web Services exams lab exactprep Scs-c03 Questions by Albi q8 vce pdf

Page: 2 / 9

Exam Name:	AWS Certified Security – Specialty
Exam Code:	SCS-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	179 Q&A's	Shared By:	albi

Question 8

A company's security team wants to receive near-real-time email notifications about AWS abuse reports related to DoS attacks. An Amazon SNS topic already exists and is subscribed to by the security team.

What should the security engineer do next?

Options:

Poll Trusted Advisor for abuse notifications by using a Lambda function.

Create an Amazon EventBridge rule that matches AWS Health events for AWS_ABUSE_DOS_REPORT and publishes to SNS.

Poll the AWS Support API for abuse cases by using a Lambda function.

Detect abuse reports by using CloudTrail logs and CloudWatch alarms.

Discussion

Wyatt

Passed my exam… Thank you so much for your excellent Exam Dumps.

Arjun Mar 23, 2026

That sounds really useful. I'll definitely check it out.

Everleigh

I must say that they are updated regularly to reflect the latest exam content, so you can be sure that you are getting the most accurate information. Plus, they are easy to use and understand, so even new students can benefit from them.

Huxley Mar 27, 2026

That's great to know. So, you think new students should buy these dumps?

Cody

I used Cramkey Dumps to prepare and a lot of the questions on the exam were exactly what I found in their study materials.

Eric Mar 12, 2026

Really? That's great to hear! I used Cramkey Dumps too and I had the same experience. The questions were almost identical.

Laila

They're such a great resource for anyone who wants to improve their exam results. I used these dumps and passed my exam!! Happy customer, always prefer. Yes, same questions as above I know you guys are perfect.

Keira Mar 17, 2026

100% right….And they're so affordable too. It's amazing how much value you get for the price.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka Mar 13, 2026

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Question 9

A security engineer is responding to an incident that is affecting an AWS account. The ID of the account is 123456789012. The attack created workloads that are distributed across multiple AWS Regions.

The security engineer contains the attack and removes all compute and storage resources from all affected Regions. However, the attacker also created an AWS KMS key. The key policy on the KMS key explicitly allows IAM principal kms:* permissions.

The key was scheduled to be deleted the previous day. However, the key is still enabled and usable. The key has an ARN of

arn:aws:kms:us-east-2:123456789012:key/mrk-0bb0212cd9864fdea0dcamzo26efb5670.

The security engineer must delete the key as quickly as possible.

Which solution will meet this requirement?

Options:

Log in to the account by using the account root user credentials. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

Identify the other Regions where the KMS key ID is present and schedule the key for deletion in 7 days.

Update the IAM principal to allow kms:* permissions on the KMS key ARN. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

Disable the KMS key. Re-issue the deletion request for the KMS key in 30 days.

Discussion

Question 10

A company sends Apache logs from EC2 Auto Scaling instances to a CloudWatch Logs log group with 1-year retention. A suspicious IP address appears in logs. A security engineer needs to analyze the past week of logs to count requests from that IP and list requested URLs.

What should the engineer do with the LEAST effort?

Options:

Export to S3 and use Macie.

Stream to OpenSearch and analyze.

Use CloudWatch Logs Insights with queries.

Export to S3 and use AWS Glue.

Discussion

Question 11

A company’s web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file.

Which set of actions will identify the suspect attacker’s IP address for future occurrences?

Options:

Configure VPC Flow Logs and search for PHP file activity.

Install the CloudWatch agent on the ALB and export application logs.

Export ALB access logs to Amazon OpenSearch Service and search them.

Configure the web ACL to send logs to Amazon Kinesis Data Firehose. Deliver logs to Amazon S3 and query them with Amazon Athena.