Amazon Web Services examstrust amazon Web Services Scs-c01 Online Access by Amani q53 vce pdf

Page: 42 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	amani

Question 168

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below

Please select:

Options:

The EC2 instance running your WAF software is placed between your private subnets and any NATed connections to the internet.

The EC2 instance running your WAF software is placed between your public subnets and your Internet Gateway.

The EC2 instance running your WAF software is placed between your public subnets and your private subnets.

The EC2 instance running your WAF software is included in an Auto Scaling group and placed in between two Elastic load balancers.

Discussion

Question 169

Your company has defined a set of S3 buckets in IAM. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?

Please select:

Options:

Enable VPC flow logs to know the source IP addresses

Monitor the S3 API calls by using Cloudtrail logging

Monitor the S3 API calls by using Cloudwatch logging

Enable IAM Inspector for the S3 bucket

Discussion

Walter

Yayyy!!! I passed my exam with the help of Cramkey Dumps. Highly appreciated!!!!

Angus Mar 22, 2026

YES….. I saw the same questions in the exam.

Teddie

yes, I passed my exam with wonderful score, Accurate and valid dumps.

Isla-Rose Mar 5, 2026

Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.

Addison

Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.

Libby Mar 7, 2026

That's good to know. I might check it out for my next IT certification exam. Thanks for the info.

Hendrix

Great website with Great Exam Dumps. Just passed my exam today.

Luka Mar 13, 2026

Absolutely. Cramkey Dumps only provides the latest and most updated exam questions and answers.

Question 170

Your company has a set of EC2 Instances defined in IAM. They need to ensure that all traffic packets are monitored and inspected for any security threats. How can this be achieved? Choose 2 answers from the options given below

Please select:

Options:

Use a host based intrusion detection system

Use a third party firewall installed on a central EC2 instance

Use VPC Flow logs

Use Network Access control lists logging

Discussion

Question 171

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?

Please select:

Options:

Encrypt the EBS volumes of the underlying EC2 Instances

Use IAM KMS Customer Default master key

Use SSL/TLS for encrypting the data

Use S3 Encryption