Newest Amazon SCS-C02 Practice Questions at Zero Cost

Get a glimpse of the real SCS-C02 certification exam challenges with our free Amazon SCS-C02 practice test questions.

Question 1

An Amazon EC2 Auto Scaling group launches Amazon Linux EC2 instances and installs the Amazon CloudWatch agent to publish logs to Amazon CloudWatch Logs. The EC2 instances launch with an IAM role that has an IAM policy attached. The policy provides access to publish custom metrics to CloudWatch. The EC2 instances run in a private subnet inside a VPC. The VPC provides ^ccess to the internet for private subnets through a NAT gateway.

A security engineer notices that no logs are being published to CloudWatch Logs for the EC2 instances that the Auto Scaling group launches. The security engineer validates that the CloudWatch Logs agent is running and is configured properly on the EC2 instances. In addition, the security engineer validates that network communications are working properly to AWS services.

What can the security engineer do to ensure that the logs are published to CloudWatch Logs?

AConfigure the IAM policy in use by the IAM role to have access to the required cloudwatch: API actions thatwill publish logs.

BAdjust the Amazon EC2 Auto Scaling service-linked role to have permissions to write to CloudWatch Logs.

CConfigure the IAM policy in use by the IAM role to have access to the required AWS logs: API actions that willpublish logs.

DAdd an interface VPC endpoint to provide a route to CloudWatch Logs.

Correct Answer: 1

Question 2

A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions.

What is the SIMPLEST way to meet these requirements?

AEnable AWS Trusted Advisor security checks in the AWS Console, tsnd report all security incidents for all regions.

BEnable AWS CloudTrail by creating individual trails for each region, and specify a single Amazon S3 bucket to receive log files for later analysis.

CEnable AWS CloudTrail by creating a new trail and applying the trail to all regions. Specify a single Amazon S3 bucket as the storage location.

DEnable Amazon CloudWatch logging for all AWS services across all regions, and aggregate them to a single Amazon S3 bucket for later analysis.

Correct Answer: 2

Question 3

A company has public certificates that are managed by AWS Certificate Manager (ACM). The certificates are either imported certificates or managed certificates from ACM with mixed validation methods. A security engineer needs to design a monitoring solution to provide alerts by email when a certificate is approaching its expiration date.

What is the MOST operationally efficient way to meet this requirement?

ACreate an AWS Lambda function to list all certificates and to go through each certificate to describe the certificate by using the AWS SDK. Filter on the NotAfter attribute and send an email notification. Use an Amazon EventBridge rate expression to schedule the Lambda function to run daily.

BCreate an Amazon CloudWatch alarm Add all the certificate ARNs in the AWS/CertificateManager namespace to the DaysToExpiry metnc. Configure the alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when the value for the DaysToExpiry metric is less than or equal to 31.

CSet up AWS Security Hub. Turn on the AWS Foundational Security Best Practices standard with integrated ACM to send findings. Configure and use a custom action by creating a rule to match the pattern from the ACM findings on the NotBefore attribute as the event source Create an Amazon Simple Notification Service (Amazon SNS) topic as the target

DCreate an Amazon EventBridge rule by using a predefined pattern for ACM Choose the metric in the ACM Certificate Approaching Expiration event as the event pattern. Create an Amazon Simple Notification Service (Amazon SNS) topic as the target

Correct Answer: 3

Question 4

A company has two AWS accounts: Account A and Account B Each account has a VPC. An application that runs in the VPC in Account A needs to write to an Amazon S3 bucket in Account B. The application in Account A already has permission to write to the S3 bucket in Account B.

The application and the S3 bucket are in the same AWS Region. The company cannot send network traffic over the public internet.

Which solution will meet these requirements? b

AIn both accounts, create a transit gateway and VPC attachments in a subnet in each Availability Zone. Update the VPC route tables.

BDeploy a software VPN appliance in Account A. Create a VPN connection between the software VPN appliance and a virtual private gateway in Account B

CCreate a VPC peering connection between the VPC in Account A and the VPC in Account B. Update the VPC route tables, network ACLs, and security groups to allow network traffic between the peered IP ranges.

DIn Account A. create a gateway VPC endpoint for Amazon S3. Update the VPC route table in Account A.

Correct Answer: 4

Question 5

AWS CloudTrail is being used to monitor API calls in an organization. An audit revealed that CloudTrail is failing to deliver events to Amazon S3 as expected.

What initial actions should be taken to allow delivery of CloudTrail events to S3? (Select TWO.)

AVerify thattheS3 bucket policy allows CloudTrail to write objects.

BVerify thatthe1AM role used by CloudTrail has access to write to Amazon CloudWatch Logs.

CRemove any lifecycle policies on the S3 bucket that are archiving objects to S3 Glacier Flexible Retrieval.

DVerify thattheS3 bucket defined in CloudTrail exists.

EVerify that the log file prefix defined in CloudTrail exists in the S3 bucket.

Correct Answer: 5

A, D

Master the AWS Certified Security - Specialty SCS-C02 exam like never before! You’ve reviewed the free SCS-C02 practice questions, but the actual Amazon Specialty certification exam demands more. Elevate your preparation with Certsmarket premium Amazon Specialty SCS-C02 practice exam questions.

Explore Free Amazon Specialty SCS-C02 Practice Questions for Exam Mastery

Our Community

What our students say about us?