Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security - Specialty exam with these free Questions and Answers

Page 17 of 118
QUESTION 76

- (Exam Topic 1)
A developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings. The developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the information security department in order to adhere to company standards for securing Lambda environment variables.
Which of the following are required for this configuration to work? (Select TWO.)

  A. The developer must configure Lambda access to the VPC using the --vpc-config parameter.
  B. The Lambda function execution role must have the kms:Decrypt permission added in the AWS IAM policy.
  C. The KMS key policy must allow permissions for the developer to use the KMS key.
  D. The AWS IAM policy assigned to the developer must have the kms:GenerateDataKey permission added.
  E. The Lambda execution role must have the kms:Encrypt permission added in the AWS IAM policy.

Correct Answer: BC

QUESTION 77

- (Exam Topic 3)
A user has enabled versioning on an S3 bucket. The user is using server-side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the statements below is true?
Please select:

  A. The user should use the same encryption key for all versions of the same object
  B. It is possible to have different encryption keys for different versions of the same object
  C. AWS S3 does not allow the user to upload his own keys for server side encryption
  D. The SSE-C does not work when versioning is enabled

Correct Answer: B
anaging your own encryption keys, y
You can encrypt the object and send it across to S3
Option A is invalid because ideally you should use different encryption keys.
Option C is invalid because you can use your own encryption keys.
Option D is invalid because encryption works even if versioning is enabled.
For more information on client-side encryption, please visit the link below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
The correct answer is: It is possible to have different encryption keys for different versions of the same object

QUESTION 78

- (Exam Topic 3)
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account. The enterprise has internal security policies that require that any outside access to their environment conform to the principles of least privilege, and that there be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?
Please select:

  A. From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
  B. Create an IAM user within the enterprise account and assign a user policy to the IAM user that allows only the actions required by the SaaS application. Create a new access and secret key for the user and provide these credentials to the SaaS provider.
  C. Create an IAM role for cross-account access that allows the SaaS provider's account to assume the role, and assign it a policy that allows only the actions required by the SaaS application.
  D. Create an IAM role for EC2 instances, assign it a policy that allows only the actions required for the SaaS application to work, and provide the role ARN to the SaaS provider to use when launching their application instances.

Correct Answer: C
The diagram below, from an AWS blog, shows how access is given to other accounts for the services in your own account:
SCS-C01 dumps exhibit
Options A and B are invalid because you should not use IAM users or IAM access keys.
Option D is invalid because you need to create a role for cross-account access.
For more information on allowing access to external accounts, please visit the URL below:
https://aws.amazon.com/blogs/apn/how-to-best-architect-your-aws-marketplace-saas-subscription-across-multip
The correct answer is: Create an IAM role for cross-account access that allows the SaaS provider's account to assume the role, and assign it a policy that allows only the actions required by the SaaS application.

QUESTION 79

- (Exam Topic 2)
Your company has a requirement to monitor all root user activity by notification. How can this best be achieved? Choose 2 answers from the options given below. Each answer forms part of the solution.
Please select:

  A. Create a CloudWatch Events Rule
  B. Create a CloudWatch Logs Rule
  C. Use a Lambda function
  D. Use CloudTrail API call

Correct Answer: AC
Below is a snippet from the AWS blogs on a solution:
SCS-C01 dumps exhibit
Option B is invalid because you need to create a CloudWatch Events Rule and there is no such thing as a CloudWatch Logs Rule.
Option D is invalid because CloudTrail API calls can be recorded but cannot be used to send notifications.
For more information on this blog article, please visit the following URL:
https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/
The correct answers are: Create a CloudWatch Events Rule, Use a Lambda function

QUESTION 80

- (Exam Topic 3)
A company has an application that uses an Amazon RDS PostgreSQL database. The company is developing an application feature that will store sensitive information for an individual in the database.
During a security review of the environment, the company discovers that the RDS DB instance is not encrypting data at rest. The company needs a solution that will provide encryption at rest for all the existing data and for any new data that is entered for an individual.
Which combination of options can the company use to meet these requirements? (Select TWO.)

  A. Create a snapshot of the DB instance. Copy the snapshot to a new snapshot, and enable encryption for the copy process. Use the new snapshot to restore the DB instance.
  B. Modify the configuration of the DB instance by enabling encryption. Create a snapshot of the DB instance. Use the snapshot to restore the DB instance.
  C. Use AWS Key Management Service (AWS KMS) to create a new default AWS managed aws/rds key. Select this key as the encryption key for operations with Amazon RDS.
  D. Use AWS Key Management Service (AWS KMS) to create a new CMK. Select this key as the encryption key for operations with Amazon RDS.
  E. Create a snapshot of the DB instance. Enable encryption on the snapshot. Use the snapshot to restore the DB instance.

Correct Answer: CE
