Amazon AWS Certified Security - Specialty SCS-C01

#251 (Accuracy: 100% / 3 votes)
A company wants to implement a content delivery network for an upcoming product launch. The origin for distribution is an object store outside of AWS and requires the Authorization header from the request to be passed to it.

How can a security engineer meet this requirement in the LEAST amount of time?
  • A. Migrate the objects to Amazon S3. Create a new AWS Global Accelerator accelerator that has a listener on port 443 and an endpoint group that points to the origin distribution.
  • B. Create a new Amazon CloudFront distribution. Create a new CloudFront custom header for X-Amz-Authorization. Attach the header to the distribution.
  • C. Create a new Amazon CloudFront distribution. Create a new CloudFront cache policy with a header whitelist for the Authorization header. Attach the policy to the distribution.
  • D. Migrate the objects to Amazon S3. Create a new Amazon CloudFront distribution. Create a new CloudFront cache policy with a header whitelist for the Authorization header. Attach the policy to the distribution.
#252 (Accuracy: 100% / 4 votes)
A company’s security engineer receives an abuse notification from AWS. The notification indicates that someone is hosting malware from the company’s AWS account. After investigation, the security engineer finds a new Amazon S3 bucket that an IAM user created without authorization.

Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise? (Choose three.)
  • A. Encrypt all AWS CloudTrail logs.
  • B. Turn on Amazon GuardDuty.
  • C. Change the password for all IAM users.
  • D. Rotate or delete all AWS access keys.
  • E. Take snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes.
  • F. Delete any resources that are unrecognized or unauthorized.
#253 (Accuracy: 100% / 2 votes)
A company has two web applications that run on Amazon EC2 and Amazon S3. The applications failed an HTTP security audit, and users are reporting latency issues.

The applications need to deliver web content at low latencies while improving security and privacy for users and content providers.
The company must implement a solution that does not require changes to the application code.

Which combination of actions should the company take to meet these requirements? (Choose two.)
  • A. Deploy Amazon API Gateway. Cache the endpoint’s responses.
  • B. Configure Amazon API Gateway with a request parameter-based AWS Lambda authorizer to add HTTP security headers on origin responses.
  • C. Write a Lambda@Edge function to add HTTP security headers on origin responses.
  • D. Configure Amazon CloudFront. Create a distribution for the EC2 and S3 origins.
  • E. Implement an Application Load Balancer (ALB) to honor the connection header from the incoming client request after forwarding the response back to the client.
#254 (Accuracy: 91% / 5 votes)
A company wants to prevent public exposure of data that is stored in Amazon S3.

Which combination of steps should a security engineer take to meet this requirement? (Choose two.)
  • A. Turn on S3 Block Public Access.
  • B. Enforce S3 bucket encryption by using server-side encryption with AWS KMS managed keys (SSE-KMS).
  • C. Enforce S3 bucket encryption by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
  • D. Use S3 Storage Lens.
  • E. Use Amazon Macie.