Amazon Web Services passguarantee aws Certified Specialty Scs-c01 Updated Exam by Corey q532 vce pdf

Page: 4 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	corey

Question 16

A company has the software development teams that are creating applications that store sensitive data in Amazon S3 Each team's data must always be separate. The company's security team must design a data encryption strategy for both teams that provides the ability to audit key usage. The solution must also minimize operational overhead

what should me security team recommend?

Options:

Tell the application teams to use two different S3 buckets with separate IAM Key Management Service (IAM KMS) IAM managed CMKs Limit the key process to allow encryption and decryption of the CMKs to their respective teams only. Force the teams to use encryption context to encrypt and decrypt

Tell the application teams to use two different S3 buckets with a single IAM Key Management Service (IAM KMS) IAM managed CMK Limit the key policy to allow encryption and decryption of the CMK only. Do not allow the teams to use encryption context to encrypt and decrypt

Tell the application teams to use two different S3 buckets with separate IAM Key Management Service (IAM KMS) customer managed CMKs Limit the key policies to allow encryption and decryption of the CMKs to their respective teams only Force the teams to use encryption context to encrypt and decrypt

Tell the application teams to use two different S3 buckets with a single IAM Key Management Service (IAM KMS) customer managed CMK Limit the key policy to allow encryption and decryption of the CMK only Do not allow the teams to use encryption context to encrypt and decrypt

Discussion

Question 17

A company Is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture:

• Data must be encrypted in transit.

• Data must be encrypted at rest.

• The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.

Which combination of steps would meet the requirements? (Select THREE.)

Options:

Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket

Enable default encryption with server-side encryption with IAM KMS-managed keys (SSE-KMS) on the S3 bucket.

Add a bucket policy that includes a deny if a PutObject request does not include IAMiSecureTcanspoct.

Add a bucket policy with ws: Sourcelpto Allow uploads and downloads from the corporate intranet only.

Add a bucket policy that includes a deny if a PutObject request does not include s3:x-amz-sairv9r-side-enctyption: "IAM: kms".

Enable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.

Discussion

Josephine

I want to ask about their study material and Customer support? Can anybody guide me?

Zayd (not set)

Yes, the dumps or study material provided by them are authentic and up to date. They have a dedicated team to assist students and make sure they have a positive experience.

Peyton

Hey guys. Guess what? I passed my exam. Thanks a lot Cramkey, your provided information was relevant and reliable.

Coby (not set)

Thanks for sharing your experience. I think I'll give Cramkey a try for my next exam.

Ari

Can anyone explain what are these exam dumps and how are they?

Ocean (not set)

They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.

Norah

Cramkey is highly recommended.

Zayan (not set)

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Question 18

A company is designing the securely architecture (or a global latency-sensitive web application it plans to deploy to IAM. A Security Engineer needs to configure a highly available and secure two-tier architecture. The security design must include controls to prevent common attacks such as DDoS, cross-site scripting, and SQL injection.

Which solution meets these requirements?

Options:

Create an Application Load Balancer (ALB) that uses public subnets across multiple Availability Zones within a single Region. Point the ALB to an Auto Scaling group with Amazon EC2 instances in private subnets across multiple Availability Zones within the same Region. Create an Amazon

CloudFront distribution that uses the ALB as its origin. Create appropriate IAM WAF ACLs and enable them on the CloudFront distribution.

Create an Application Load Balancer (ALB) that uses private subnets across multiple Availability Zones within a single Region. Point the ALB to an Auto Scaling group with Amazon EC2 instances in private subnets across multiple Availability Zones within the same Region. Create an Amazon CloudFront distribution that uses the ALB as its origin. Create appropriate IAM WAF ACLs and enable them on the CloudFront distribution.

Create an Application Load Balancer (ALB) that uses private subnets across multiple Availability Zones within a single Region. Point the ALB to an Auto Scaling group with Amazon EC2 instances in private subnets across multiple Availability Zones within the same Region. Create appropriate IAM WAF ACLs and enable them on the ALB.

Discussion

Question 19

A company is collecting IAM CloudTrail log data from multiple IAM accounts by managing individual trails in each account and forwarding log data to a centralized Amazon S3 bucket residing in a log archive account. After CloudTrail introduced support for IAM Organizations trails, the company decided to further centralize management and automate deployment of the CloudTrail logging capability across all of its IAM accounts.

The company's security engineer created an IAM Organizations trail in the master account, enabled server-side encryption with IAM KMS managed keys (SSE-KMS) for the log files, and specified the same bucket as the storage location. However, the engineer noticed that logs recorded by the new trail were not delivered to the bucket.

Which factors could cause this issue? (Select TWO.)

Options:

The CMK key policy does not allow CloudTrail to make encrypt and decrypt API calls against the key.

The CMK key policy does not allow CloudTrail to make GenerateDataKey API calls against the key.

The IAM role used by the CloudTrail trail does not have permissions to make PutObject API calls against a folder created for the Organizations trail.

The S3 bucket policy does not allow CloudTrail to make PutObject API calls against a folder created for the Organizations trail.

The CMK key policy does not allow the IAM role used by the CloudTrail trail to use the key for crypto graphicaI operations.

Discussion

Page: 4 / 43

Title

Questions

Posted