【免费】AWSCertifiedSecurity-Specialty安全专家题库ExamShoot公开版资源-CSDN文库

需积分: 0 101 浏览量 2024-03-04 10:02:11 上传评论收藏 572KB PDF 举报

资源推荐

资源详情

资源评论

Wish You PASS The Exam \(@^O^@)/

1/50Thank you for choosing ExamShoot.com product!

AWS SCS C02 Exam Questions

Question: 1

Company A has an AWS account that is named Account A. Company A recently acquired Company B, which has

an AWS account that is named Account B. Company B stores its files in an Amazon S3 bucket. The administrators

need to give a user from Account A full access to the S3 bucket in Account B.

After the administrators adjust the IAM permissions for the user in Account A to access the S3 bucket in Account

B, the user still cannot access any files in the S3 bucket.

Which solution will resolve this issue?

Answer: C

A: In Account B, create a bucket ACL to allow the user from Account A to access the S3 bucket in Account B.

B: In Account B, create an object ACL to allow the user from Account A to access all the objects in the S3

bucket in Account B.

C: In Account B, create a bucket policy to allow the user from Account A to access the S3 bucket in Account B.

D: In Account B, create a user policy to allow the user from Account A to access the S3 bucket in Account B.

Question: 2

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security

engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

Answer: B

A: <img src="https://cache.madadm.com/wx_madadm_com/images/2024/1/31/img_17067290832270.png">

<br>

B: <img src="https://cache.madadm.com/wx_madadm_com/images/2024/1/31/img_17067290833611.png">

<br>

C: <img src="https://cache.madadm.com/wx_madadm_com/images/2024/1/31/img_17067290834432.png">

<br>

D: <img src="https://cache.madadm.com/wx_madadm_com/images/2024/1/31/img_17067290836613.png">

Question: 3

A security engineer wants to use Amazon Simple Notification Service (Amazon SNS) to send email alerts to a

company's security team for Amazon GuardDuty findings that have a High severity level. The security engineer

also wants to deliver these findings to a visualization tool for further examination.

Which solution will meet these requirements?

A: Set up GuardDuty to send notifications to an Amazon CloudWatch alarm with two targets in CloudWatch.

From CloudWatch, stream the findings through Amazon Kinesis Data Streams into an Amazon Open Search

Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use

OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic

as a second target for the CloudWatch alarm. Use event pattern matching with an Amazon EventBridge event

rule to send only High severity findings in the alerts.

Wish You PASS The Exam \(@^O^@)/

2/50Thank you for choosing ExamShoot.com product!

Answer: C

B: Set up GuardDuty to send notifications to AWS CloudTrail with two targets in CloudTrail. From CloudTrail,

stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as

the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries

for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target

for CloudTrail. Use event pattern matching with a CloudTrail event rule to send only High severity findings in

the alerts.

C: Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream

the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first

target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further

analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for

EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings

in the alerts.

D: Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge,

stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as

the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for

further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for

EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings

in the alerts.

Question: 4

A security engineer needs to implement a write-once-read-many (WORM) model for data that a company will

store in Amazon S3 buckets. The company uses the S3 Standard storage class for all of its S3 buckets. The

security engineer must ensure that objects cannot be overwritten or deleted by any user, including the AWS

account root user.

Which solution will meet these requirements?

Answer: A

A: Create new S3 buckets with S3 Object Lock enabled in compliance mode. Place objects in the S3 buckets.

B: Use S3 Glacier Vault Lock to attach a Vault Lock policy to new S3 buckets. Wait 24 hours to complete the

Vault Lock process. Place objects in the S3 buckets.

C: Create new S3 buckets with S3 Object Lock enabled in governance mode. Place objects in the S3 buckets.

D: Create new S3 buckets with S3 Object Lock enabled in governance mode. Add a legal hold to the S3

buckets. Place objects in the S3 buckets.<br>

Question: 5

A company needs complete encryption of the traffic between external users and an application. The company

hosts the application on a fleet of Amazon EC2 instances that run in an Auto Scaling group behind an Application

Load Balancer (ALB).

How can a security engineer meet these requirements?

A: Create a new Amazon-issued certificate in AWS Secrets Manager. Export the certificate from Secrets

Manager. Import the certificate into the ALB and the EC2 instances.

B: Create a new Amazon-issued certificate in AWS Certificate Manager (ACM). Associate the certificate with

the ALExport the certificate from ACM. Install the certificate on the EC2 instances.

C: Import a new third-party certificate into AWS Identity and Access Management (IAM). Export the certificate

from IAM. Associate the certificate with the ALB and the EC2 instances.

Wish You PASS The Exam \(@^O^@)/

4/50Thank you for choosing ExamShoot.com product!

Answer: BC

E: Allow port 443 from 10.0.1.0/24.

Question: 8

A security engineer wants to forward custom application-security logs from an Amazon EC2 instance to Amazon

CloudWatch. The security engineer installs the CloudWatch agent on the EC2 instance and adds the path of the

logs to the CloudWatch configuration file.

However, CloudWatch does not receive the logs. The security engineer verifies that the awslogs service is

running on the EC2 instance.

What should the security engineer do next to resolve the issue?

Answer: D

A: Add AWS CloudTrail to the trust policy of the EC2 in stance. Send the custom logs to CloudTrail instead of

CloudWatch.

B: Add Amazon S3 to the trust policy of the EC2 instance. Configure the application to write the custom logs

to an S3 bucket that CloudWatch can use to ingest the logs.

C: Add Amazon Inspector to the trust policy of the EC2 instance. Use Amazon Inspector instead of the

CloudWatch agent to collect the custom logs.

D: Attach the CloudWatchAgentServerPolicy AWS managed policy to the EC2 instance role.

Question: 9

A systems engineer is troubleshooting the connectivity of a test environment that includes a virtual security

appliance deployed inline. In addition to using the virtual security appliance, the development team wants to use

security groups and network ACLs to accomplish various security requirements in the environment.

What configuration is necessary to allow the virtual security appliance to route the traffic?

Answer: C

A: Disable network ACLs.

B: Configure the security appliance's elastic network interface for promiscuous mode.

C: Disable the Network Source/Destination check on the security appliance's elastic network interface.

D: Place the security appliance in the public subnet with the internet gateway.

Question: 10

A security engineer needs to create an Amazon S3 bucket policy to grant least privilege read access to IAM user

accounts that are named User1, User2, and User3. These IAM user accounts are members of the

AuthorizedPeople IAM group. The security engineer drafts the following S3 bucket policy:

剩余22页未读，继续阅读

评论收藏

内容反馈

customservice

粉丝: 225
资源: 12

AWS Certified Security - Specialty 安全专家题库ExamShoot 公开版

最新资源

AWS Certified Security - Specialty 安全专家 题库ExamShoot 公开版

AWS Certified Advanced Networking - Specialty ANS题库ExamShoot公开版

AWS Certified Machine Learning - Specialty 机器学习专家题库Examshoot公开版

AWS Certified Database - Specialty

AWS Certified SAP on AWS - Specialty (PAS-C01) 题库ExamShoot 公开版

AWS Certified Database – Specialty (DBS-C01) 题库ExamShoot 公开版

AWS Certified Solutions Architect-Associate SAA考试题库ExamShoot公开版

AWS Certified Solutions Architect-Professional SAP题库ExamShoot公开版

AWS-Security-Specialty.pdf

AWS Certified SysOps Administrator–Associate SOA题库ExamShoot公开版

AWS Certified Solutions Architect - Associate题库

AWS Certified Cloud Practitioner CLF考试题库ExamShoot公开版

AWS-Certified-Cloud-Practitioner 301-589题.docx

AWS Certified Advanced Networking - Specialty - ANS - C00 .pdf

aws-java-sdk-core-1.11.939-API文档-中文版.zip

AWS-Certified-Security-Speciality_Sample-Questions.pdf

aws-java-sdk-core-1.12.160-API文档-中英对照版.zip

aws-sdk-cpp-1.11.4（x86-windows）

aws-java-sdk-s3-1.11.939-API文档-中文版.zip

AWS Data Engineer Associate DEA 题库ExamShoot 公开版

计算机组成原理课后习题答案

《科研伦理与学术规范》期末考试及答案2023

Latex中文论文模板A4双栏，适用课程论文

哈尔滨工业大学ppt模板

2024北森题库（含答案）

北京科技大学研究生英语科技论文写作MOOC参考答案

DATA数据治理工程师(CDGA)资料【电子书+学习要点+题库+真题】

火热！！cfa一级2024最新notes下载

NOC指导教师认证真题

最新资源

AWS Certified Security - Specialty 安全专家题库ExamShoot 公开版