Amazon Web Services examstrust amazon Web Services Scs-c01 Online Access by Amani q53 vce pdf

Page: 42 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	amani

Question 168

DDoS attacks that happen at the application layer commonly target web applications with lower volumes of traffic compared to infrastructure attacks. To mitigate these types of attacks, you should probably want to include a WAF (Web Application Firewall) as part of your infrastructure. To inspect all HTTP requests, WAFs sit in-line with your application traffic. Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck. To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes. This type of scaling for WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below

Please select:

Options:

The EC2 instance running your WAF software is placed between your private subnets and any NATed connections to the internet.

The EC2 instance running your WAF software is placed between your public subnets and your Internet Gateway.

The EC2 instance running your WAF software is placed between your public subnets and your private subnets.

The EC2 instance running your WAF software is included in an Auto Scaling group and placed in between two Elastic load balancers.

Discussion

Madeleine

Passed my exam with my dream score…. Guys do give these dumps a try. They are authentic.

Ziggy (not set)

That's really impressive. I think I might give Cramkey Dumps a try for my next certification exam.

Ella-Rose

Amazing website with excellent Dumps. I passed my exam and secured excellent marks!!!

Alisha (not set)

Extremely accurate. They constantly update their materials with the latest exam questions and answers, so you can be confident that what you're studying is up-to-date.

Syeda

I passed, Thank you Cramkey for your precious Dumps.

Stella (not set)

That's great. I think I'll give Cramkey Dumps a try.

Neve

Will I be able to achieve success after using these dumps?

Rohan (not set)

Absolutely. It's a great way to increase your chances of success.

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah (not set)

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Question 169

Your company has defined a set of S3 buckets in IAM. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?

Please select:

Options:

Enable VPC flow logs to know the source IP addresses

Monitor the S3 API calls by using Cloudtrail logging

Monitor the S3 API calls by using Cloudwatch logging

Enable IAM Inspector for the S3 bucket

Discussion

Question 170

Your company has a set of EC2 Instances defined in IAM. They need to ensure that all traffic packets are monitored and inspected for any security threats. How can this be achieved? Choose 2 answers from the options given below

Please select:

Options:

Use a host based intrusion detection system

Use a third party firewall installed on a central EC2 instance

Use VPC Flow logs

Use Network Access control lists logging

Discussion

Question 171

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?

Please select:

Options:

Encrypt the EBS volumes of the underlying EC2 Instances

Use IAM KMS Customer Default master key

Use SSL/TLS for encrypting the data

Use S3 Encryption