Amazon Web Services passguide aws Certified Specialty Scs-c01 Passing Score by Bleu q426 vce pdf

Page: 38 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	bleu

Question 152

You currently have an S3 bucket hosted in an IAM Account. It holds information that needs be accessed by a partner account. Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.

Please select:

Options:

Ensure an IAM role is created which can be assumed by the partner account.

Ensure an IAM user is created which can be assumed by the partner account.

Ensure the partner uses an external id when making the request

Provide the ARN for the role to the partner account

Provide the Account Id to the partner account

Provide access keys for your account to the partner account

Discussion

Question 153

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.

Please select:

Options:

Take a snapshot of the EBS volume

Isolate the machine from the network

Make sure that logs are stored securely for auditing and troubleshooting purpose

Ensure all passwords for all IAM users are changed

Ensure that all access kevs are rotated.

Discussion

Question 154

A company requires that data stored in IAM be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.

Please select:

Options:

When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.

When storing data in EBS, encrypt the volume by using IAM KMS.

When storing data in Amazon S3, use object versioning and MFA Delete.

When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.

When storing data in S3, enable server-side encryption.

Discussion

Answer:

B, E

Explanation:

Explanation:

The IAM Documentation mentions the following

To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the IAM-managed CMK for Amazon EBS in your account. If there is no IAM-managed CMK for Amazon EBS in your account, Amazon EBS creates one.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.

• Use Server-Side Encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

• Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store. For more information on EBS encryption, please visit the below URL:

https://docs.IAM.amazon.com/kms/latest/developerguide/services-ebs.html

For more information on S3 encryption, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/UsinEEncryption.html

The correct answers are: When storing data in EBS, encrypt the volume by using IAM KMS. When storing data in S3, enable server-side encryption.

Submit your Feedback/Queries to our Experts

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah Aug 14, 2025

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus Aug 16, 2025

Me too. They're a lifesaver!

Ayesha

They are study materials that are designed to help students prepare for exams and certification tests. They are basically a collection of questions and answers that are likely to appear on the test.

Ayden Aug 3, 2025

That sounds interesting. Why are they useful? Planning this week, hopefully help me. Can you give me PDF if you have ?

Hassan

Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.

Kasper Aug 5, 2025

Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.

Erik

Hey, I have passed my exam using Cramkey Dumps?

Freyja Aug 1, 2025

Really, what are they? All come in your pool? Please give me more details, I am going to have access their subscription. Please brother, give me more details.

Question 155

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?

Please select:

Options:

Access the S3 bucket through a proxy server

Access the S3 bucket through a NAT gateway.

Access the S3 bucket through a VPC endpoint for S3

Access the S3 bucket through the SSL protected S3 endpoint