Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security - Specialty exam with these free Questions and Answers

QUESTION 46

- (Exam Topic 3)
A company created an AWS account for its developers to use for testing and learning purposes. Because this account will be shared among multiple teams of developers, the company wants to restrict the ability to stop and terminate Amazon EC2 instances so that a team can perform these actions only on the instances it owns.
Developers were instructed to tag all their instances with a Team tag key and use the team name in the tag value. One of the first teams to use this account is Business Intelligence. A security engineer needs to develop a highly scalable solution for providing developers with access to the appropriate resources within the account. The security engineer has already created individual IAM roles for each team.
Which additional configuration steps should the security engineer take to complete the task?

  1. A. For each team, create an IAM policy similar to the one that follows. Populate the ec2:ResourceTag/Team condition key with a proper team name. Attach the resulting policies to the corresponding IAM roles. [Exhibit]
  2. B. For each team, create an IAM policy similar to the one that follows. Populate the aws:TagKeys/Team condition key with a proper team name. Attach the resulting policies to the corresponding IAM roles. [Exhibit]
  3. C. Tag each IAM role with a Team tag key, and use the team name in the tag value. Create an IAM policy similar to the one that follows, and attach it to all the IAM roles used by developers. [Exhibit]
  4. D. Tag each IAM role with the Team key, and use the team name in the tag value. Create an IAM policy similar to the one that follows, and attach it to all the IAM roles used by developers. [Exhibit]

Correct Answer: A

QUESTION 47

- (Exam Topic 1)
A security engineer needs to configure monitoring and auditing for AWS Lambda.
Which combination of actions using AWS services should the security engineer take to accomplish this goal? (Select TWO.)

  1. A. Use AWS Config to track configuration changes to Lambda functions, runtime environments, tags, handler names, code sizes, memory allocation, timeout settings, and concurrency settings, along with Lambda IAM execution role, subnet, and security group associations.
  2. B. Use AWS CloudTrail to implement governance, compliance, operational, and risk auditing for Lambda.
  3. C. Use Amazon Inspector to automatically monitor for vulnerabilities and perform governance, compliance, operational, and risk auditing for Lambda.
  4. D. Use AWS Resource Access Manager to track configuration changes to Lambda functions, runtime environments, tags, handler names, code sizes, memory allocation, timeout settings, and concurrency settings, along with Lambda IAM execution role, subnet, and security group associations.
  5. E. Use Amazon Macie to discover, classify, and protect sensitive data being executed inside the Lambda function.

Correct Answer: AB

QUESTION 48

- (Exam Topic 2)
An organization has a system in AWS that allows a large number of remote workers to submit data files. File sizes vary from a few kilobytes to several megabytes. A recent audit highlighted a concern that data files are not encrypted while in transit over untrusted networks.
Which solution would remediate the audit finding while minimizing the effort required?

  1. A. Upload an SSL certificate to IAM, and configure Amazon CloudFront with the passphrase for the private key.
  2. B. Call KMS.Encrypt() in the client, passing in the data file contents, and call KMS.Decrypt() server-side.
  3. C. Use AWS Certificate Manager to provision a certificate on an Elastic Load Balancing in front of the web service’s servers.
  4. D. Create a new VPC with an Amazon VPC VPN endpoint, and update the web service’s DNS record.

Correct Answer: C

QUESTION 49

- (Exam Topic 1)
A security engineer has noticed that VPC Flow Logs are getting a lot of REJECT traffic originating from a single Amazon EC2 instance in an Auto Scaling group. The security engineer is concerned that this EC2 instance may be compromised.
What immediate action should the security engineer take?

  1. A. Remove the instance from the Auto Scaling group. Close the security group with ingress only from a single forensic IP address to perform an analysis.
  2. B. Remove the instance from the Auto Scaling group. Change the network ACL rules to allow traffic only from a single forensic IP address to perform an analysis. Add a rule to deny all other traffic.
  3. C. Remove the instance from the Auto Scaling group. Enable Amazon GuardDuty in that AWS account. Install the Amazon Inspector agent on the suspicious EC2 instance to perform a scan.
  4. D. Take a snapshot of the suspicious EC2 instance. Create a new EC2 instance from the snapshot in a closed security group with ingress only from a single forensic IP address to perform an analysis.

Correct Answer: B

QUESTION 50

- (Exam Topic 3)
Your team is designing a web application. The users of this web application need to sign in via an external ID provider such as Facebook or Google. Which of the following AWS services would you use for authentication?
Please select:

  1. A. AWS Cognito
  2. B. AWS SAML
  3. C. AWS IAM
  4. D. AWS Config

Correct Answer: A
The AWS Documentation mentions the following:
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google.
Option B is incorrect since this is used for identity federation.
Option C is incorrect since this is pure Identity and Access Management.
Option D is incorrect since AWS Config is a configuration service.
For more information on AWS Cognito, please refer to the link below: https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
The correct answer is: AWS Cognito