Free Preparation Discussions
MENU
Amazon SCS-C02 Exam Questions
- Topic 1: Detect security threats and anomalies by using AWS services/ Respond to compromised resources and workloads
- Topic 2: Develop a strategy to centrally deploy and manage AWS accounts/ Identify security gaps through architectural reviews and cost analysis
- Topic 3: Design and implement a logging solution/ Troubleshoot security monitoring and alerting
- Topic 4: Design and implement network security controls/ Design and implement controls to manage the lifecycle of data at rest
- Topic 5: Implement a secure and consistent deployment strategy for cloud resources/ Design and implement security controls for compute workloads
- Topic 6: Design and implement monitoring and alerting to address security events/ Design and implement an incident response plan
- Topic 7: Design, implement, and troubleshoot authorization for AWS resources/ Evaluate the compliance of AWS resources
- Topic 8: Threat Detection and Incident Response/ Security Logging and Monitoring
- Topic 9: Management and Security Governance/ Design and implement security controls for edge services
Free Amazon SCS-C02 Exam Actual Questions
Note: Premium Questions for SCS-C02 were last updated On Dec. 15, 2024 (see below)
A company uses HTTP Live Streaming (HL'S) to stream live video content to paying subscribers by using Amazon CloudFront. HLS splits the video content into chunks so that the user can request the right chunk based on different conditions. Because the video events last for several hours, the total video is made up of thousands of chunks.
The origin URL is not disclosed, and every user is forced to access the CloudFront URL. The company has a web application that authenticates the paying users against an internal repository and a CloudFront key pair that is already issued.
What is the simplest and MOST effective way to protect the content?
Utilizing CloudFront signed cookies is the simplest and most effective way to protect HLS video content for paying subscribers. Signed cookies provide access control for multiple files, such as video chunks in HLS streaming, without the need to generate a signed URL for each video chunk. This method simplifies the process for long video events with thousands of chunks, enhancing user experience while ensuring content protection.
A company is running an application on Amazon EC2 instances in an Auto Scaling group. The application stores logs locally. A security engineer noticed that logs were lost after a scale-in event. The security engineer needs to recommend a solution to ensure the durability and availability of log data All logs must be kept for a minimum of 1 year for auditing purposes. What should the security engineer recommend?
Option C is the best solution to ensure the durability and availability of log data from EC2 instances in an Auto Scaling group. By using an Amazon CloudWatch agent, the logs can be sent to Amazon CloudWatch Logs, which is a fully managed service that can store, monitor, and analyze log dat
A company wants to receive automated email notifications when AWS access keys from developer AWS accounts are detected on code repository sites.
Which solution will provide the required email notifications?
The solution to receiving automated email notifications when AWS access keys are detected on code repository sites is to use Amazon EventBridge with Amazon GuardDuty findings. Specifically, creating an EventBridge rule that targets Amazon GuardDuty findings, particularly the UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration finding type, allows for the detection of potential unauthorized use or exposure of AWS credentials. When such a finding is detected, EventBridge can then trigger an action to send a notification via Amazon Simple Notification Service (Amazon SNS). By configuring an SNS topic to send emails, stakeholders can be promptly informed of such security incidents. This approach leverages AWS's native security and monitoring services to provide timely alerts with minimal operational overhead, ensuring that the company can respond quickly to potential security breaches involving exposed AWS credentials.
An Amazon API Gateway API invokes an AWS Lambda function that needs to interact with a software-as-a-service (SaaS) platform. A unique client token is generated in the SaaS platform to grant access to the Lambda function. A security engineer needs to design a solution to encrypt the access token at rest and pass the token to the Lambda function at runtime.
Which solution will meet these requirements MOST cost-effectively?
A security engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.
Which solution meets these requirements?
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Leonie
3 days agoLarae
6 days agoRolland
16 days agoLorrine
19 days agoFausto
23 days agoCurtis
1 months agoBrock
1 months agoLazaro
2 months agoCasie
2 months agoGerald
2 months agoMarcos
2 months agoTawny
2 months agoClemencia
3 months agoArthur
3 months agoRashad
3 months agoRodrigo
3 months agoElvera
3 months agoDorinda
4 months agoJames
4 months agoGary
5 months agoShaniqua
5 months agoRory
6 months agoStephaine
6 months agoAmmie
6 months agoChristiane
6 months agoNu
6 months agoLamonica
8 months ago