AWS SCS-C01 Certified Security Practice Specialty Test

Sample Questions:

You will be using AWS Setup to verify the configuration of the resources in your AWS account. We will be using an existing LAM role and using it for the AWS Config resource. Which of the following 0 necessary to ensure the AWS configuration service can operate as required?

Make sure there is a trust policy in place for the AWS Config service within the role

Make sure there is a concession policy in force for the AWS service in the role Conflg

Make sure there is a user policy in place for the AWS Config service within the role

Make sure there is a group policy in place for the AWS Config service within the role the answer is correct.

None

Your developer is using the Key Management Service and a spanner in their assigned Java program. They get the following erro when you run the code ARN: AWS: iam :: 1 1374538.871000 2: UserB user is not authorized to perform: km: DescribeKey Which of the following could help solve the problem? Please select:

Ensure that the user B is given the role LAM right to access the key

Ensure that the user B is given the right permissions in AML policy

Ensure that the user B is given the right permissions in Key policy

Ensure that the user B is given the right permissions in the Bucket policy

None

Does your company have an external website. This website needs to access objects in an S3 bucket. Which of the following would help the website to access objects in the safest way? Please select:

Giving the public access to the bucket with the bucket policy

Use aws Key Referer in clause provided for the bucket policy

Use the AWS Key sites in clause provided for the bucket policy

Granting a role that can be taken from the website

None

Your IT Security team has identified a number of critical vulnerabilities through EC2 instances in the company SWS account. What would be the simplest way to ensure these vulnerabilities are remediated?

Create AWS Lambda functions to download updates and patches of the server.

Use the AWS CLI commands to download updates and patches for servers.

Using AWS inspector patch servers

Use AWS Systems Manager patch servers

None

An organization has launched five cases: two for production and 3 for tests. The organization wants a particular group of Lam users should only access the test instances and not those of production. How you can set the organization as a part of politics? Please select:

Start the test instances and manufacture in separate regions and allow access to the region wise group

Define the LAM policy that allows access by the ID request

Lam Create a policy with a condition that allows access only to small instances

Define the tag on the test server and production and to add a condition to the AML policy, which allows access to specific tags

None