Amazon Web Services Updated SCS-C03 Exam Questions and Answers by albi

Amazon Web Services SCS-C03 Exam Overview:

Exam Name: AWS Certified Security – Specialty
Exam Code: SCS-C03 Dumps
Vendor: Amazon Web Services
Certification: AWS Certified Specialty
Questions: 179 Q&A's
Shared By: albi

Question 20

CloudFormation stack deployments fail for some users due to permission inconsistencies.

Which combination of steps will ensure consistent deployments MOST securely? (Select THREE.)

Options:

A. Create a composite principal service role.

B. Create a service role with cloudformation.amazonaws.com as the principal.

C. Attach scoped policies to the service role.

D. Attach service ARNs in policy resources.

E. Update each stack to use the service role.

F. Allow iam:PassRole to the service role.

Question 21

A company uses an organization in AWS Organizations to manage its 250 member accounts. The company also uses AWS IAM Identity Center with a SAML external identity provider (IdP). IAM Identity Center has been delegated to a member account. The company's security team has access to the delegated account.

The security team has been investigating a malicious internal user who might be accessing sensitive accounts. The security team needs to know when the user logged into the organization during the last 7 days.

Which solution will quickly identify the access attempts?

Options:

A. In the delegated account, use Amazon CloudWatch Logs to search for events that match the user details for all successful attempts.

B. In each member account, use the IAM Identity Center console to search for events that match the user details for all attempts.

C. In the external IdP, use Amazon EventBridge to search for events that match the user details for all attempts.

D. In the organization's management account, use AWS CloudTrail to search for events that match the user details for all successful attempts.

Question 22

A company runs an internet-accessible application on several Amazon EC2 instances that run Windows Server. The company used an instance profile to configure the EC2 instances. A security team currently accesses the VPC that hosts the EC2 instances by using an AWS Site-to-Site VPN tunnel from an on-premises office.

The security team issues a policy that requires all external access to the VPC to be blocked in the event of a security incident. However, during an incident, the security team must be able to access the EC2 instances to obtain forensic information on the instances.

Which solution will meet these requirements?

Options:

A. Install EC2 Instance Connect on the EC2 instances. Update the IAM policy for the IAM role to grant the required permissions. Use the AWS CLI to open a tunnel to connect to the instances.

B. Install EC2 Instance Connect on the EC2 instances. Configure the instances to permit access to the ec2-instance-connect command user. Use the AWS Management Console to connect to the EC2 instances.

C. Create an EC2 Instance Connect endpoint in the VPC. Configure an appropriate security group to allow access between the EC2 instances and the endpoint. Use the AWS CLI to open a tunnel to connect to the instances.

D. Create an EC2 Instance Connect endpoint in the VPC. Configure an appropriate security group to allow access between the EC2 instances and the endpoint. Use the AWS Management Console to connect to the EC2 instances.

Question 23

A company has decided to move its fleet of Linux-based web server instances to an Amazon EC2 Auto Scaling group. Currently, the instances are static and are launched manually. When an administrator needs to view log files, the administrator uses SSH to establish a connection to the instances and retrieves the logs manually.

The company often needs to query the logs to produce results about application sessions and user issues. The company does not want its new automatically scaling architecture to result in the loss of any log files when instances are scaled in.

Which combination of steps should a security engineer take to meet these requirements MOST cost-effectively? (Select TWO.)

Options:

A. Configure a cron job on the instances to forward the log files to Amazon S3 periodically.

B. Configure AWS Glue and Amazon Athena to query the log files.

C. Configure the Amazon CloudWatch agent on the instances to forward the logs to Amazon CloudWatch Logs.

D. Configure Amazon CloudWatch Logs Insights to query the log files.

E. Configure the instances to write the logs to an Amazon Elastic File System (Amazon EFS) volume.
