Amazon Web Services examstrust amazon Web Services Scs-c01 Online Access by Amani q53 vce pdf

Page: 42 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	amani

Question 168

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below

Please select:

Options:

The EC2 instance running your WAF software is placed between your private subnets and any NATed connections to the internet.

The EC2 instance running your WAF software is placed between your public subnets and your Internet Gateway.

The EC2 instance running your WAF software is placed between your public subnets and your private subnets.

The EC2 instance running your WAF software is included in an Auto Scaling group and placed in between two Elastic load balancers.

Discussion

Question 169

Your company has defined a set of S3 buckets in IAM. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?

Please select:

Options:

Enable VPC flow logs to know the source IP addresses

Monitor the S3 API calls by using Cloudtrail logging

Monitor the S3 API calls by using Cloudwatch logging

Enable IAM Inspector for the S3 bucket

Discussion

Melody

My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.

Colby Feb 7, 2026

Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.

Inaya

Passed the exam. questions are valid. The customer support is top-notch. They were quick to respond to any questions I had and provided me with all the information I needed.

Cillian Feb 24, 2026

That's a big plus. I've used other dump providers in the past and the customer support was often lacking.

Mylo

Excellent dumps with authentic information… I passed my exam with brilliant score.

Dominik Feb 25, 2026

That's amazing! I've been looking for good study material that will help me prepare for my upcoming certification exam. Now, I will try it.

Cecilia

Yes, I passed my certification exam using Cramkey Dumps.

Helena Feb 24, 2026

Great. Yes they are really effective

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Feb 24, 2026

Thanks for the recommendation! I'll check it out.

Question 170

Your company has a set of EC2 Instances defined in IAM. They need to ensure that all traffic packets are monitored and inspected for any security threats. How can this be achieved? Choose 2 answers from the options given below

Please select:

Options:

Use a host based intrusion detection system

Use a third party firewall installed on a central EC2 instance

Use VPC Flow logs

Use Network Access control lists logging

Discussion

Question 171

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?

Please select:

Options:

Encrypt the EBS volumes of the underlying EC2 Instances

Use IAM KMS Customer Default master key

Use SSL/TLS for encrypting the data

Use S3 Encryption