Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security- Specialty exam with these free Questions and Answers

Page 23 of 118
QUESTION 106

- (Exam Topic 3)
A company is planning on using AWS for hosting their applications. They want complete separation and isolation of their production, testing and development environments. Which of the following is an ideal way to design such a setup?
Please select:

  1. A. Use separate VPCs for each of the environments
  2. B. Use separate IAM Roles for each of the environments
  3. C. Use separate IAM Policies for each of the environments
  4. D. Use separate AWS accounts for each of the environments

Correct Answer: D
A recommendation from the AWS Security Best Practices whitepaper highlights this as well.
Option A is partially valid: you can segregate resources with separate VPCs, but the best practice is to use multiple accounts for this setup.
Options B and C are invalid because, from a maintenance perspective, this could become very difficult.
For more information on the Security Best Practices, please visit the following URL:
https://dl.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
The correct answer is: Use separate AWS accounts for each of the environments

QUESTION 107

- (Exam Topic 2)
A Security Engineer is defining the logging solution for a newly developed product. Systems Administrators and Developers need to have appropriate access to event log files in AWS CloudTrail to support and troubleshoot the product.
Which combination of controls should be used to protect against tampering with and unauthorized access to log files? (Choose two.)

  1. A. Ensure that the log file integrity validation mechanism is enabled.
  2. B. Ensure that all log files are written to at least two separate Amazon S3 buckets in the same account.
  3. C. Ensure that Systems Administrators and Developers can edit log files, but prevent any other access.
  4. D. Ensure that Systems Administrators and Developers with job-related need-to-know requirements only are capable of viewing—but not modifying—the log files.
  5. E. Ensure that all log files are stored on Amazon EC2 instances that allow SSH access from the internal corporate network only.

Correct Answer: AD

QUESTION 108

- (Exam Topic 2)
The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress. Because most of the users are part of the same OpenID Connect-compatible social media website, the Security Engineer would like to use that as the identity provider.
Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?

  1. A. Amazon Cognito
  2. B. AssumeRoleWithWebIdentity API
  3. C. Amazon Cloud Directory
  4. D. Active Directory (AD) Connector

Correct Answer: A

QUESTION 109

- (Exam Topic 1)
A city is implementing an election results reporting website that will use Amazon CloudFront. The website runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. Election results are updated hourly and are stored as .pdf files in an Amazon S3 bucket. A Security Engineer needs to ensure that all external access to the website goes through CloudFront.
Which solution meets these requirements?

  1. A. Create an IAM role that allows CloudFront to access the specific S3 bucket. Modify the S3 bucket policy to allow only the new IAM role to access its content. Create an interface VPC endpoint for CloudFront to securely communicate with the ALB.
  2. B. Create an IAM role that allows CloudFront to access the specific S3 bucket. Modify the S3 bucket policy to allow only the new IAM role to access its content. Associate the ALB with a security group that allows only incoming traffic from the CloudFront service to communicate with the ALB.
  3. C. Create an origin access identity (OAI) in CloudFront. Modify the S3 bucket policy to allow only the new OAI to access the bucket content. Create an interface VPC endpoint for CloudFront to securely communicate with the ALB.
  4. D. Create an origin access identity (OAI) in CloudFront. Modify the S3 bucket policy to allow only the new OAI to access the bucket content. Associate the ALB with a security group that allows only incoming traffic from the CloudFront service to communicate with the ALB.

Correct Answer: C

QUESTION 110

- (Exam Topic 3)
Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc., be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure. What process will check compliance of the company's EC2 instances?
Please select:

  1. A. Trigger an AWS Config Rules evaluation of the restricted-common-ports rule against every EC2 instance.
  2. B. Query the Trusted Advisor API for all best practice security checks and check for "action recommended" status.
  3. C. Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance.
  4. D. Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.

Correct Answer: D
Option B is incorrect because querying the Trusted Advisor API for this purpose is not possible.
Option C is incorrect because GuardDuty should be used to detect threats, not to check compliance of security protocols.
Option D is correct: running Amazon Inspector with the Runtime Behavior Analysis rules package analyzes the behavior of your instances during an assessment run and provides guidance about how to make your EC2 instances more secure.
Insecure Server Protocols
This rule helps determine whether your EC2 instances allow support for insecure and unencrypted ports/services such as FTP, Telnet, HTTP, IMAP, POP version 3, SMTP, SNMP versions 1 and 2, rsh, and rlogin.
For more information, please refer to the URL below: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_runtime-behavior-analysis.html#insecure-prot
The correct answer is: Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.
