Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security- Specialty exam with these free Questions and Answers

Page 5 of 118
QUESTION 16

- (Exam Topic 2)
A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions.
What is the SIMPLEST way to meet these requirements?

  1. A. Enable AWS Trusted Advisor security checks in the AWS Console, and report all security incidents for all regions.
  2. B. Enable AWS CloudTrail by creating individual trails for each region, and specify a single Amazon S3 bucket to receive log files for later analysis.
  3. C. Enable AWS CloudTrail by creating a new trail and applying the trail to all regions. Specify a single Amazon S3 bucket as the storage location.
  4. D. Enable Amazon CloudWatch logging for all AWS services across all regions, and aggregate them to a single Amazon S3 bucket for later analysis.

Correct Answer: C

QUESTION 17

- (Exam Topic 2)
The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs. After the switch, some users on older devices are no longer able to connect to the website.
What is causing this situation?

  1. A. Application Load Balancers do not support older web browsers.
  2. B. The Perfect Forward Secrecy settings are not configured correctly.
  3. C. The intermediate certificate is installed within the Application Load Balancer.
  4. D. The cipher suites on the Application Load Balancers are blocking connections.

Correct Answer: D
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

QUESTION 18

- (Exam Topic 3)
Your company has many AWS accounts defined and all are managed via AWS Organizations. One AWS account has an S3 bucket that holds critical data. How can we ensure that all the users in the AWS organisation have access to this bucket?
Please select:

  1. A. Ensure the bucket policy has a condition which involves aws:PrincipalOrgID
  2. B. Ensure the bucket policy has a condition which involves aws:AccountNumber
  3. C. Ensure the bucket policy has a condition which involves aws:PrincipalID
  4. D. Ensure the bucket policy has a condition which involves aws:OrgID

Correct Answer: A
The AWS Documentation mentions the following:
AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can perform on it. Now, you can use a new condition key, aws:PrincipalOrgID, in these policies to require all principals accessing the resource to be from an account in the organization.
Options B, C and D are invalid because the condition in the bucket policy has to mention aws:PrincipalOrgID. For more information on controlling access via Organizations, please refer to the link below:
https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-usins-the-aws-organization-of-iam-p (
The correct answer is: Ensure the bucket policy has a condition which involves aws:PrincipalOrgID

QUESTION 19

- (Exam Topic 1)
A security engineer has created an Amazon Cognito user pool. The engineer needs to manually verify the ID and access token sent by the application for troubleshooting purposes.
What is the MOST secure way to accomplish this?

  1. A. Extract the subject (sub), audience (aud), and cognito:username from the ID token payload. Manually check the subject and audience for the user name in the user pool.
  2. B. Search for the public key with a key ID that matches the key ID in the header of the token. Then use a JSON Web Token (JWT) library to validate the signature of the token and extract values, such as the expiry date.
  3. C. Verify that the token is not expired. Then use the token_use claim function in Amazon Cognito to validate the key IDs.
  4. D. Copy the JSON Web Token (JWT) as a JSON document. Obtain the public JSON Web Key (JWK) and convert it to a pem file. Then use the file to validate the original JWT.

Correct Answer: A

QUESTION 20

- (Exam Topic 1)
A company is outsourcing its operational support to an external company. The company's security officer must implement an access solution for delegating operational support that minimizes overhead.
Which approach should the security officer take to meet these requirements?

  1. A. Implement Amazon Cognito identity pools with a role that uses a policy that denies the actions related to Amazon Cognito API management. Allow the external company to federate through its identity provider.
  2. B. Federate AWS Identity and Access Management (IAM) with the external company's identity provider. Create an IAM role and attach a policy with the necessary permissions.
  3. C. Create an IAM group for the external company. Add a policy to the group that denies IAM modifications. Securely provide the credentials to the external company.
  4. D. Use AWS SSO with the external company's identity provider. Create an IAM group to map to the identity provider user group, and attach a policy with the necessary permissions.

Correct Answer: B
