Amazon Web Services passguide aws Certified Specialty Scs-c01 Passing Score by Bleu q426 vce pdf

Page: 38 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	bleu

Question 152

You currently have an S3 bucket hosted in an IAM Account. It holds information that needs be accessed by a partner account. Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.

Please select:

Options:

Ensure an IAM role is created which can be assumed by the partner account.

Ensure an IAM user is created which can be assumed by the partner account.

Ensure the partner uses an external id when making the request

Provide the ARN for the role to the partner account

Provide the Account Id to the partner account

Provide access keys for your account to the partner account

Discussion

Question 153

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.

Please select:

Options:

Take a snapshot of the EBS volume

Isolate the machine from the network

Make sure that logs are stored securely for auditing and troubleshooting purpose

Ensure all passwords for all IAM users are changed

Ensure that all access kevs are rotated.

Discussion

Cecilia

Yes, I passed my certification exam using Cramkey Dumps.

Helena (not set)

Great. Yes they are really effective

Nell

Are these dumps reliable?

Ernie (not set)

Yes, very much so. Cramkey Dumps are created by experienced and certified professionals who have gone through the exams themselves. They understand the importance of providing accurate and relevant information to help you succeed.

Fatima

Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.

Niamh (not set)

That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Teddie

yes, I passed my exam with wonderful score, Accurate and valid dumps.

Isla-Rose (not set)

Absolutely! The questions in the dumps were almost identical to the ones that appeared in the actual exam. I was able to answer almost all of them correctly.

Georgina

I used Cramkey Dumps to prepare for my recent exam and I have to say, they were a huge help.

Corey (not set)

Really? How did they help you? I know these are the same questions appears in exam. I will give my try. But tell me if they also help in some training?

Question 154

A company requires that data stored in IAM be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.

Please select:

Options:

When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.

When storing data in EBS, encrypt the volume by using IAM KMS.

When storing data in Amazon S3, use object versioning and MFA Delete.

When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.

When storing data in S3, enable server-side encryption.

Discussion

Answer:

B, E

Explanation:

Explanation:

The IAM Documentation mentions the following

To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the IAM-managed CMK for Amazon EBS in your account. If there is no IAM-managed CMK for Amazon EBS in your account, Amazon EBS creates one.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.

• Use Server-Side Encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

• Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store. For more information on EBS encryption, please visit the below URL:

https://docs.IAM.amazon.com/kms/latest/developerguide/services-ebs.html

For more information on S3 encryption, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/UsinEEncryption.html

The correct answers are: When storing data in EBS, encrypt the volume by using IAM KMS. When storing data in S3, enable server-side encryption.

Submit your Feedback/Queries to our Experts

Question 155

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?

Please select:

Options:

Access the S3 bucket through a proxy server

Access the S3 bucket through a NAT gateway.

Access the S3 bucket through a VPC endpoint for S3

Access the S3 bucket through the SSL protected S3 endpoint