Amazon Web Services exams lab exactprep Scs-c03 Questions by Albi q8 vce pdf

Page: 2 / 9

Exam Name:	AWS Certified Security – Specialty
Exam Code:	SCS-C03 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	179 Q&A's	Shared By:	albi

Question 8

A company's security team wants to receive near-real-time email notifications about AWS abuse reports related to DoS attacks. An Amazon SNS topic already exists and is subscribed to by the security team.

What should the security engineer do next?

Options:

Poll Trusted Advisor for abuse notifications by using a Lambda function.

Create an Amazon EventBridge rule that matches AWS Health events for AWS_ABUSE_DOS_REPORT and publishes to SNS.

Poll the AWS Support API for abuse cases by using a Lambda function.

Detect abuse reports by using CloudTrail logs and CloudWatch alarms.

Discussion

Question 9

A security engineer is responding to an incident that is affecting an AWS account. The ID of the account is 123456789012. The attack created workloads that are distributed across multiple AWS Regions.

The security engineer contains the attack and removes all compute and storage resources from all affected Regions. However, the attacker also created an AWS KMS key. The key policy on the KMS key explicitly allows IAM principal kms:* permissions.

The key was scheduled to be deleted the previous day. However, the key is still enabled and usable. The key has an ARN of

arn:aws:kms:us-east-2:123456789012:key/mrk-0bb0212cd9864fdea0dcamzo26efb5670.

The security engineer must delete the key as quickly as possible.

Which solution will meet this requirement?

Options:

Log in to the account by using the account root user credentials. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

Identify the other Regions where the KMS key ID is present and schedule the key for deletion in 7 days.

Update the IAM principal to allow kms:* permissions on the KMS key ARN. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

Disable the KMS key. Re-issue the deletion request for the KMS key in 30 days.

Discussion

Question 10

A company sends Apache logs from EC2 Auto Scaling instances to a CloudWatch Logs log group with 1-year retention. A suspicious IP address appears in logs. A security engineer needs to analyze the past week of logs to count requests from that IP and list requested URLs.

What should the engineer do with the LEAST effort?

Options:

Export to S3 and use Macie.

Stream to OpenSearch and analyze.

Use CloudWatch Logs Insights with queries.

Export to S3 and use AWS Glue.

Discussion

Lennie

I passed my exam and achieved wonderful score, I highly recommend it.

Emelia Apr 23, 2026

I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!

Robin

Cramkey is highly recommended.

Jonah Apr 11, 2026

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Atlas

What are these Dumps? Would anybody please explain it to me.

Reign Apr 19, 2026

These are exam dumps for a variety of IT certifications. They have a vast collection of updated questions and answers, which are very helpful in preparing for the exams.

Mariam

Do anyone think Cramkey questions can help improve exam scores?

Katie Apr 14, 2026

Absolutely! Many people have reported improved scores after using Cramkey Dumps, and there are also success stories of people passing exams on the first try. I already passed this exam. I confirmed above questions were in exam.

Madeleine

Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.

Ziggy Apr 22, 2026

That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.

Question 11

A company’s web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file.

Which set of actions will identify the suspect attacker’s IP address for future occurrences?

Options:

Configure VPC Flow Logs and search for PHP file activity.

Install the CloudWatch agent on the ALB and export application logs.

Export ALB access logs to Amazon OpenSearch Service and search them.

Configure the web ACL to send logs to Amazon Kinesis Data Firehose. Deliver logs to Amazon S3 and query them with Amazon Athena.