Amazon Web Services passguide aws Certified Specialty Scs-c01 Passing Score by Bleu q426 vce pdf

Page: 38 / 43

Exam Name:	AWS Certified Security - Specialty
Exam Code:	SCS-C01 Dumps
Vendor:	Amazon Web Services	Certification:	AWS Certified Specialty
Questions:	589 Q&A's	Shared By:	bleu

Question 152

You currently have an S3 bucket hosted in an IAM Account. It holds information that needs be accessed by a partner account. Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.

Please select:

Options:

Ensure an IAM role is created which can be assumed by the partner account.

Ensure an IAM user is created which can be assumed by the partner account.

Ensure the partner uses an external id when making the request

Provide the ARN for the role to the partner account

Provide the Account Id to the partner account

Provide access keys for your account to the partner account

Discussion

Question 153

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.

Please select:

Options:

Take a snapshot of the EBS volume

Isolate the machine from the network

Make sure that logs are stored securely for auditing and troubleshooting purpose

Ensure all passwords for all IAM users are changed

Ensure that all access kevs are rotated.

Discussion

Nell

Are these dumps reliable?

Ernie Feb 8, 2026

Yes, very much so. Cramkey Dumps are created by experienced and certified professionals who have gone through the exams themselves. They understand the importance of providing accurate and relevant information to help you succeed.

Annabel

I recently used them for my exam and I passed it with excellent score. I am impressed.

Amirah Feb 10, 2026

I passed too. The questions I saw in the actual exam were exactly the same as the ones in the Cramkey Dumps. I was able to answer the questions confidently because I had already seen and studied them.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Feb 6, 2026

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Robin

Cramkey is highly recommended.

Jonah Feb 9, 2026

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Question 154

A company requires that data stored in IAM be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.

Please select:

Options:

When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.

When storing data in EBS, encrypt the volume by using IAM KMS.

When storing data in Amazon S3, use object versioning and MFA Delete.

When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.

When storing data in S3, enable server-side encryption.

Discussion

Answer:

B, E

Explanation:

Explanation:

The IAM Documentation mentions the following

To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the IAM-managed CMK for Amazon EBS in your account. If there is no IAM-managed CMK for Amazon EBS in your account, Amazon EBS creates one.

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options of protecting data at rest in Amazon S3.

• Use Server-Side Encryption - You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.

• Use Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store. For more information on EBS encryption, please visit the below URL:

https://docs.IAM.amazon.com/kms/latest/developerguide/services-ebs.html

For more information on S3 encryption, please visit the below URL:

https://docs.IAM.amazon.com/AmazonS3/latest/dev/UsinEEncryption.html

The correct answers are: When storing data in EBS, encrypt the volume by using IAM KMS. When storing data in S3, enable server-side encryption.

Submit your Feedback/Queries to our Experts

Question 155

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?

Please select:

Options:

Access the S3 bucket through a proxy server

Access the S3 bucket through a NAT gateway.

Access the S3 bucket through a VPC endpoint for S3

Access the S3 bucket through the SSL protected S3 endpoint