Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security - Specialty exam with these free Questions and Answers

Page 25 of 118
QUESTION 116

- (Exam Topic 3)
You have a set of 100 EC2 instances in an AWS account. You need to ensure that all of these instances are patched and kept up to date. All of the instances are in a private subnet. How can you achieve this? Choose 2 answers from the options given below.
Please select:

  1. A. Ensure a NAT gateway is present to download the updates
  2. B. Use the Systems Manager to patch the instances
  3. C. Ensure an internet gateway is present to download the updates
  4. D. Use the AWS Inspector to patch the updates

Correct Answer: AB
Option C is invalid because the instances need to remain in the private subnet. Option D is invalid because AWS Inspector can only detect the patches.
One of the AWS blogs describes how patching of Linux servers can be accomplished. Below is a diagram of the architecture setup.
SCS-C01 dumps exhibit
For more information on patching Linux workloads in AWS, please refer to the link: https://aws.amazon.com/blogs/security/how-to-patch-linux-workloads-on-aws/
The correct answers are: Ensure a NAT gateway is present to download the updates. Use the Systems Manager to patch the instances.

QUESTION 117

- (Exam Topic 2)
A Systems Administrator has written the following Amazon S3 bucket policy designed to allow access to an S3 bucket for only an authorized AWS IAM user from the IP address range 10.10.10.0/24:
SCS-C01 dumps exhibit
When trying to download an object from the S3 bucket from 10.10.10.40, the IAM user receives an access denied message.
What does the Administrator need to change to grant access to the user?

  1. A. Change the “Resource” from “arn:aws:s3:::Bucket” to “arn:aws:s3:::Bucket/*”.
  2. B. Change the “Principal” from “*” to {AWS: “arn:aws:iam::account-number:user/username”}
  3. C. Change the “Version” from “2012-10-17” to the last revised date of the policy
  4. D. Change the “Action” from [“s3:*”] to [“s3:GetObject”, “s3:ListBucket”]

Correct Answer: A

QUESTION 118

- (Exam Topic 2)
The AWS Systems Manager Parameter Store is being used to store database passwords used by an AWS Lambda function. Because this is sensitive data, the parameters are stored as type SecureString and protected by an AWS KMS key that allows access through IAM. When the function executes, this parameter cannot be retrieved as the result of an access denied error.
Which of the following actions will resolve the access denied error?

  1. A. Update the ssm.amazonaws.com principal in the KMS key policy to allow kms:Decrypt.
  2. B. Update the Lambda configuration to launch the function in a VPC.
  3. C. Add a policy to the role that the Lambda function uses, allowing kms:Decrypt for the KMS key.
  4. D. Add lambda.amazonaws.com as a trusted entity on the IAM role that the Lambda function uses.

Correct Answer: C
https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing

QUESTION 119

- (Exam Topic 1)
A company's Security Engineer has been asked to monitor and report all AWS account root user activities. Which of the following would enable the Security Engineer to monitor and report all root user activities?
(Select TWO)

  1. A. Configuring AWS Organizations to monitor root user API calls on the paying account
  2. B. Creating an Amazon CloudWatch Events rule that will trigger when any API call from the root user is reported
  3. C. Configuring Amazon Inspector to scan the AWS account for any root user activity
  4. D. Configuring AWS Trusted Advisor to send an email to the Security team when the root user logs in to the console
  5. E. Using Amazon SNS to notify the target group

Correct Answer: BE

QUESTION 120

- (Exam Topic 3)
A Windows machine in one VPC needs to join the AD domain in another VPC. VPC peering has been established, but the domain join is not working. What is the other step that needs to be followed to ensure that the AD domain join can work as intended?
Please select:

  1. A. Change the VPC peering connection to a VPN connection
  2. B. Change the VPC peering connection to a Direct Connect connection
  3. C. Ensure the security groups for the AD hosted subnet has the right rule for relevant subnets
  4. D. Ensure that the AD is placed in a public subnet

Correct Answer: C
In addition to VPC peering and setting the right route tables, the security groups for the AD EC2 instance need to have the right rules in place to allow incoming traffic.
Options A and B are invalid because changing the connection type will not help. This is a problem with the security groups.
Option D is invalid since the AD should not be placed in a public subnet.
For more information on allowing ingress traffic for AD, please visit the following URL: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/ingress.html
The correct answer is: Ensure the security groups for the AD hosted subnet has the right rule for relevant subnets
