Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security - Specialty exam with these free Questions and Answers

Page 20 of 118
QUESTION 91

- (Exam Topic 3)
A security engineer needs to create an AWS Key Management Service server-side encryption. Usage of the key must be limited to requests coming from Amazon S3 within the company's account.
Which statement in the KMS key policy will meet these requirements?
A)
SCS-C01 dumps exhibit
B)
SCS-C01 dumps exhibit
C)
SCS-C01 dumps exhibit

  1. A. Option A
  2. B. Option B
  3. C. Option C

Correct Answer: C

QUESTION 92

- (Exam Topic 3)
A company has a requirement to create a DynamoDB table. The company's software architect has provided the following CLI command for the DynamoDB table
SCS-C01 dumps exhibit
Which of the following has been taken care of from a security perspective by the above command?
Please select:

  1. A. Since the ID is hashed, it ensures security of the underlying table.
  2. B. The above command ensures data encryption at rest for the Customer table
  3. C. The above command ensures data encryption in transit for the Customer table
  4. D. The right throughput has been specified from a security perspective

Correct Answer: B
The above command with the "--sse-specification Enabled=true" parameter ensures that the data for the DynamoDB table is encrypted at rest.
Options A, C and D are all invalid because this command is specifically used to ensure data encryption at rest. For more information on DynamoDB encryption, please visit the URL: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.tutorial.html
The correct answer is: The above command ensures data encryption at rest for the Customer table

QUESTION 93

- (Exam Topic 3)
Your company has a hybrid environment, with on-premises servers and servers hosted in the AWS cloud. They are planning to use Systems Manager for patching servers. Which of the following is a prerequisite for this to work?
Please select:

  1. A. Ensure that the on-premise servers are running on Hyper-V.
  2. B. Ensure that an IAM service role is created
  3. C. Ensure that an IAM User is created
  4. D. Ensure that an IAM Group is created for the on-premise servers

Correct Answer: B
You need to ensure that an IAM service role is created for allowing the on-premise servers to communicate with the AWS Systems Manager.
Option A is incorrect since it is not necessary that servers should only be running Hyper-V. Options C and D are incorrect since it is not necessary that IAM users and groups are created. For more information on the Systems Manager role, please refer to the below URL: com/systems-rnanaeer/latest/usereuide/sysman-!
The correct answer is: Ensure that an IAM service role is created

QUESTION 94

- (Exam Topic 3)
An Application team has requested a new AWS KMS master key for use with Amazon S3, but the organizational security policy requires separate master keys for different AWS services to limit blast radius.
How can an AWS KMS customer master key (CMK) be constrained to work with only Amazon S3?

  1. A. Configure the CMK key policy to allow only the Amazon S3 service to use the kms:Encrypt action
  2. B. Configure the CMK key policy to allow AWS KMS actions only when the kms:ViaService condition matches the Amazon S3 service name.
  3. C. Configure the IAM user's policy to allow KMS to pass a role to Amazon S3
  4. D. Configure the IAM user's policy to allow only Amazon S3 operations when they are combined with the CMK

Correct Answer: B

QUESTION 95

- (Exam Topic 3)
A company deploys a distributed web application on a fleet of Amazon EC2 instances. The fleet is behind an Application Load Balancer (ALB) that will be configured to terminate the TLS connection. All TLS traffic to the ALB must stay secure, even if the certificate private key is compromised.
How can a security engineer meet this requirement?

  1. A. Create an HTTPS listener that uses a certificate that is managed by AWS Certificate Manager (ACM).
  2. B. Create an HTTPS listener that uses a security policy that uses a cipher suite with perfect forward secrecy (PFS).
  3. C. Create an HTTPS listener that uses the Server Order Preference security feature.
  4. D. Create a TCP listener that uses a custom security policy that allows only cipher suites with perfect forward secrecy (PFS).

Correct Answer: A
