Amazon Web Services passguide aws Certified Specialty Scs-c01 Passing Score by Bleu q426 vce pdf

Page: 38 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	bleu

Question 152

You currently have an S3 bucket hosted in an IAM Account. It holds information that needs be accessed by a partner account. Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.

Please select:

Options:

Ensure an IAM role is created which can be assumed by the partner account.

Ensure an IAM user is created which can be assumed by the partner account.

Ensure the partner uses an external id when making the request

Provide the ARN for the role to the partner account

Provide the Account Id to the partner account

Provide access keys for your account to the partner account

Discussion

Honey

I highly recommend it. They made a big difference for me and I'm sure they'll help you too. Just make sure to use them wisely and not solely rely on them. They should be used as a supplement to your regular studies.

Antoni Oct 25, 2024

Good point. Thanks for the advice. I'll definitely keep that in mind.

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah Oct 24, 2024

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Georgina

I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.

Corey Oct 2, 2024

Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?

Joey

I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Dexter Aug 7, 2024

Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.

Question 153

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.

Please select:

Options:

Take a snapshot of the EBS volume

Isolate the machine from the network

Make sure that logs are stored securely for auditing and troubleshooting purpose

Ensure all passwords for all IAM users are changed

Ensure that all access kevs are rotated.

Discussion

Question 154

A company requires that data stored in IAM be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.

Please select:

Options:

When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.

When storing data in EBS, encrypt the volume by using IAM KMS.

When storing data in Amazon S3, use object versioning and MFA Delete.

When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.

When storing data in S3, enable server-side encryption.

Discussion

Answer:

B, E

Explanation:

Explanation:

The IAM Documentation mentions the following

To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the IAM-managed CMK for Amazon EBS in your account. If there is no IAM-managed CMK for Amazon EBS in your account, Amazon EBS creates one.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.

• Use Server-Side Encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

• Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store. For more information on EBS encryption, please visit the below URL:

https://docs.IAM.amazon.com/kms/latest/developerguide/services-ebs.html

For more information on S3 encryption, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/UsinEEncryption.html

The correct answers are: When storing data in EBS, encrypt the volume by using IAM KMS. When storing data in S3, enable server-side encryption.

Submit your Feedback/Queries to our Experts

Question 155

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?

Please select:

Options:

Access the S3 bucket through a proxy server

Access the S3 bucket through a NAT gateway.

Access the S3 bucket through a VPC endpoint for S3

Access the S3 bucket through the SSL protected S3 endpoint