Free Preparation Discussions
MENU
Amazon SCS-C02 Exam Questions
- Topic 1: Detect security threats and anomalies by using AWS services/ Respond to compromised resources and workloads
- Topic 2: Develop a strategy to centrally deploy and manage AWS accounts/ Identify security gaps through architectural reviews and cost analysis
- Topic 3: Design and implement a logging solution/ Troubleshoot security monitoring and alerting
- Topic 4: Design and implement network security controls/ Design and implement controls to manage the lifecycle of data at rest
- Topic 5: Implement a secure and consistent deployment strategy for cloud resources/ Design and implement security controls for compute workloads
- Topic 6: Design and implement monitoring and alerting to address security events/ Design and implement an incident response plan
- Topic 7: Design, implement, and troubleshoot authorization for AWS resources/ Evaluate the compliance of AWS resources
- Topic 8: Threat Detection and Incident Response/ Security Logging and Monitoring
- Topic 9: Management and Security Governance/ Design and implement security controls for edge services
Free Amazon SCS-C02 Exam Actual Questions
Note: Premium Questions for SCS-C02 were last updated On Nov. 10, 2024 (see below)
A company is running an application on Amazon EC2 instances in an Auto Scaling group. The application stores logs locally. A security engineer noticed that logs were lost after a scale-in event. The security engineer needs to recommend a solution to ensure the durability and availability of log data All logs must be kept for a minimum of 1 year for auditing purposes. What should the security engineer recommend?
Option C is the best solution to ensure the durability and availability of log data from EC2 instances in an Auto Scaling group. By using an Amazon CloudWatch agent, the logs can be sent to Amazon CloudWatch Logs, which is a fully managed service that can store, monitor, and analyze log dat
A company wants to receive automated email notifications when AWS access keys from developer AWS accounts are detected on code repository sites.
Which solution will provide the required email notifications?
The solution to receiving automated email notifications when AWS access keys are detected on code repository sites is to use Amazon EventBridge with Amazon GuardDuty findings. Specifically, creating an EventBridge rule that targets Amazon GuardDuty findings, particularly the UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration finding type, allows for the detection of potential unauthorized use or exposure of AWS credentials. When such a finding is detected, EventBridge can then trigger an action to send a notification via Amazon Simple Notification Service (Amazon SNS). By configuring an SNS topic to send emails, stakeholders can be promptly informed of such security incidents. This approach leverages AWS's native security and monitoring services to provide timely alerts with minimal operational overhead, ensuring that the company can respond quickly to potential security breaches involving exposed AWS credentials.
An Amazon API Gateway API invokes an AWS Lambda function that needs to interact with a software-as-a-service (SaaS) platform. A unique client token is generated in the SaaS platform to grant access to the Lambda function. A security engineer needs to design a solution to encrypt the access token at rest and pass the token to the Lambda function at runtime.
Which solution will meet these requirements MOST cost-effectively?
A security engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.
Which solution meets these requirements?
A company needs to create a centralized solution to analyze log files. The company uses an organization in AWS Organizations to manage its AWS accounts.
The solution must aggregate and normalize events from the following sources:
* The entire organization in Organizations
* All AWS Marketplace offerings that run in the company's AWS accounts
* The company's on-premises systems
Which solution will meet these requirements?
Amazon Security Lake, when configured with a delegated administrator account in AWS Organizations, provides a centralized solution for aggregating, organizing, and prioritizing security data from multiple sources including AWS services, AWS Marketplace solutions, and on-premises systems. By enabling Security Lake for the organization and adding the necessary AWS accounts, the solution centralizes the collection and analysis of log data. This setup leverages the organization's structure to streamline log aggregation and normalization, making it an efficient solution for the specified requirements. The use of Amazon Athena for querying the log data further enhances the ability to analyze and respond to security findings across the organization.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Curtis
2 days agoBrock
7 days agoLazaro
18 days agoCasie
19 days agoGerald
21 days agoMarcos
1 months agoTawny
1 months agoClemencia
2 months agoArthur
2 months agoRashad
2 months agoRodrigo
2 months agoElvera
2 months agoDorinda
3 months agoJames
3 months agoGary
4 months agoShaniqua
4 months agoRory
5 months agoStephaine
5 months agoAmmie
5 months agoChristiane
5 months agoNu
5 months agoLamonica
7 months ago