9
null

AWS Certified Security - Specialty (SCS-C02) Exam Questions

Are you looking for ways to prepare for your upcoming AWS Certified Security - Specialty (SCS-C02) Exam? PassQuestion team of experts has put together the latest and most comprehensive AWS Certified Security - Specialty (SCS-C02) Exam Questions which cover all of the key topics and concepts that you will need to know in order to successfully pass your exam. With PassQuestion AWS Certified Security - Specialty (SCS-C02) Exam Questions, you can rest assured that you are getting the most up-to-date and accurate information available. So why wait? Sign up for PassQuestion today and start preparing for your AWS Certified Security - Specialty (SCS-C02) Exam with confidence. 

AWS Certified Security - Specialty (SCS-C02) Exam

The AWS Certified Security - Specialty certification validates your expertise in creating and implementing security solutions in the AWS Cloud. It also confirms your understanding of specialized data classifications, AWS data protection mechanisms, data-encryption methods, and AWS mechanisms to implement them, as well as secure internet protocols and AWS mechanisms to implement them.

The AWS Certified Security - Specialty (SCS-C02) exam is designed for individuals who work in a security role. It validates a candidate's ability to effectively demonstrate knowledge about securing AWS products and services. The target candidate should have 3-5 years of experience designing and implementing security solutions and at least 2 years of hands-on experience in securing AWS workloads.


Exam Information

Category: Specialty

Exam duration: 170 minutes

Number of Questions: 65 questions

Exam format: multiple choice or multiple response

Cost: 300 USD

Test in-person or online

Testing center: Pearson VUE

Languages offered: English, French (France), Italian, Japanese, Korean, Portuguese (Brazil), Simplified Chinese, and Spanish (Latin America)

Exam Topics   

Threat Detection and Incident Response   14% 

Security Logging and Monitoring   18% 

Infrastructure Security   20% 

Identity and Access Management   16%

Data Protection   18%

Management and Security Governance   14%

Benefits of AWS Certified Security - Specialty (SCS-C02) Exam

The benefits of passing the AWS Certified Security - Specialty (SCS-C02) exam include validating your expertise in creating and implementing security solutions in the AWS Cloud, as well as confirming your understanding of specialized data classifications, AWS data protection mechanisms, data-encryption methods, and AWS mechanisms to implement them, as well as secure internet protocols and AWS mechanisms to implement them. Additionally, passing the exam can help demonstrate your ability to effectively demonstrate knowledge about securing AWS products and services, which can lead to career advancement opportunities and increased earning potential.


View Online AWS Certified Security - Specialty (SCS-C02) Free Questions

1. A Security Engineer has been informed that a user’s access key has been found on GitHub. The Engineer must ensure that this access key cannot continue to be used, and must assess whether the access key was used to perform any unauthorized activities.

Which steps must be taken to perform these tasks?

A. Review the user's IAM permissions and delete any unrecognized or unauthorized resources.

B. Delete the user, review Amazon CloudWatch Logs in all regions, and report the abuse.

C. Delete or rotate the user’s key, review the AWS CloudTrail logs in all regions, and delete any unrecognized or unauthorized resources.

D. Instruct the user to remove the key from the GitHub submission, rotate keys, and re-deploy any instances that were launched.

Answer: C

2. A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information.

The Security team has the following requirements for the architecture:

● Data must be encrypted in transit.

● Data must be encrypted at rest.

● The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.

Which combination of steps would meet the requirements? (Select TWO.)

A. Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.

B. Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.

C. Add a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.

D. Add a bucket policy with aws:SourceIp to allow uploads and downloads from the corporate intranet only.

E. Enable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.

Answer: B, C

3. A Security Engineer must ensure that all API calls are collected across all company accounts, and that they are preserved online and are instantly available for analysis for 90 days. For compliance reasons, this data must be restorable for 7 years.

Which steps must be taken to meet the retention needs in a scalable, cost-effective way?

A. Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket with versioning enabled. Set a lifecycle policy to move the data to Amazon Glacier daily, and expire the data after 90 days.

B. Enable AWS CloudTrail logging across all accounts to S3 buckets. Set a lifecycle policy to expire the data in each bucket after 7 years.

C. Enable AWS CloudTrail logging across all accounts to Amazon Glacier. Set a lifecycle policy to expire the data after 7 years.

D. Enable AWS CloudTrail logging across all accounts to a centralized Amazon S3 bucket. Set a lifecycle policy to move the data to Amazon Glacier after 90 days, and expire the data after 7 years.

Answer: D

4. A company decides to place database hosts in its own VPC, and to set up VPC peering to different VPCs containing the application and web tiers. The application servers are unable to connect to the database.

Which network troubleshooting steps should be taken to resolve the issue? (Select TWO.)

A. Check to see if the application servers are in a private subnet or public subnet.

B. Check the route tables for the application server subnets for routes to the VPC peering connection.

C. Check the NACLs for the database subnets for rules that allow traffic from the internet.

D. Check the database security groups for rules that allow traffic from the application servers.

E. Check to see if the database VPC has an internet gateway

Answer: B, D

5. Why is it important to scan network logs?

A. To keep an eye on what the employees on your network are doing.

B. To ensure there are no dropped packets or high latency.

C. To be alerted to unusual traffic entering and exiting your network as a potential security event.

D. To know if access has been made to your private S3 buckets.

Answer: C

Related Articles