Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

Amazon Web Services Updated SCS-C03 Exam Questions and Answers by alvie

Page: 11 / 17

Amazon Web Services SCS-C03 Exam Overview :

Exam Name: AWS Certified Security – Specialty
Exam Code: SCS-C03 Dumps
Vendor: Amazon Web Services Certification: AWS Certified Specialty
Questions: 231 Q&A's Shared By: alvie
Question 44

A company runs a web application on a fleet of Amazon EC2 instances in an Auto Scaling group. Amazon GuardDuty and AWS Security Hub are enabled. The security engineer needs an automated response to anomalous traffic that follows AWS best practices and minimizes application disruption.

Which solution will meet these requirements?

Options:

A.

Use EventBridge to disable the instance profile access keys.

B.

Use EventBridge to invoke a Lambda function that removes the affected instance from the Auto Scaling group and isolates it with a restricted security group.

C.

Use Security Hub to update the subnet network ACL to block traffic.

D.

Send GuardDuty findings to Amazon SNS for email notification.

Discussion
Question 45

A company is planning to migrate its applications to AWS in a single AWS Region. The company’s applications will use a combination of Amazon EC2 instances, Elastic Load Balancing (ELB) load balancers, and Amazon S3 buckets. The company wants to complete the migration as quickly as possible. All the applications must meet the following requirements:

• Data must be encrypted at rest.

• Data must be encrypted in transit.

• Endpoints must be monitored for anomalous network traffic.

Which combination of steps should a security engineer take to meet these requirements with the LEAST effort? (Select THREE.)

Options:

A.

Install the Amazon Inspector agent on EC2 instances by using AWS Systems Manager Automation.

B.

Enable Amazon GuardDuty in all AWS accounts.

C.

Create VPC endpoints for Amazon EC2 and Amazon S3. Update VPC route tables to use only the secure VPC endpoints.

D.

Configure AWS Certificate Manager (ACM). Configure the load balancers to use certificates from ACM.

E.

Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-meta-side-encryption.

F.

Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-server-side-encryption.

Discussion
Question 46

A company uses AWS IAM Identity Center with SAML 2.0 federation. The company decides to change its federation source from one identity provider (IdP) to another. The underlying directory for both IdPs is Active Directory.

Which solution will meet this requirement?

Options:

A.

Disable all existing users and groups within IAM Identity Center that were part of the federation with the original IdP.

B.

Modify the attribute mappings within the IAM Identity Center trust relationship to match information that the new IdP sends.

C.

Reconfigure all existing IAM roles in the company ' s AWS accounts to explicitly trust the new IdP as the principal.

D.

Confirm that the Network Time Protocol (NTP) clock skew is correctly set between IAM Identity Center and the new IdP endpoints.

Discussion
Josephine
I want to ask about their study material and Customer support? Can anybody guide me?
Zayd Jun 24, 2026
Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.
Nylah
I've been looking for good study material for my upcoming certification exam. Need help.
Dolly Jun 8, 2026
Then you should definitely give Cramkey Dumps a try. They have a huge database of questions and answers, making it easy to study and prepare for the exam. And the best part is, you can be sure the information is accurate and relevant.
Lennie
I passed my exam and achieved wonderful score, I highly recommend it.
Emelia Jun 15, 2026
I think I'll give Cramkey a try next time I take a certification exam. Thanks for the recommendation!
Marley
Hey, I heard the good news. I passed the certification exam!
Jaxson Jun 12, 2026
Yes, I passed too! And I have to say, I couldn't have done it without Cramkey Dumps.
Question 47

A security engineer for a company is investigating suspicious traffic on a web application in the AWS Cloud. The web application is protected by an Application Load Balancer (ALB) behind an Amazon CloudFront distribution. There is an AWS WAF web ACL associated with the ALB. The company stores AWS WAF logs in an Amazon S3 bucket.

The engineer notices that all incoming requests in the AWS WAF logs originate from a small number of IP addresses that correspond to CloudFront edge locations. The security engineer must identify the source IP addresses of the clients that are initiating the suspicious requests.

Which solution will meet this requirement?

Options:

A.

Enable VPC Flow Logs in the VPC where the ALB is deployed. Examine the source field to capture the client IP addresses.

B.

Inspect the X-Forwarded-For header in the AWS WAF logs to determine the original client IP addresses.

C.

Modify the CloudFront distribution to disable ALB connection reuse. Examine the clientIp field in the AWS WAF logs to identify the original client IP addresses.

D.

Configure CloudFront to add a custom header named Client-IP to origin requests that are sent to the ALB.

Discussion
Page: 11 / 17
Title
Questions
Posted

SCS-C03
PDF

$36.75  $104.99

SCS-C03 Testing Engine

$43.75  $124.99

SCS-C03 PDF + Testing Engine

$57.75  $164.99