
SCS-C02 Questions Bank

Page: 16 / 24
Question 64

A company wants to protect its website from man-in-the-middle attacks by using Amazon CloudFront. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A. Use the SimpleCORS managed response headers policy.

B. Use a Lambda@Edge function to add the Strict-Transport-Security response header.

C. Use the SecurityHeadersPolicy managed response headers policy.

D. Include the X-XSS-Protection header in a custom response headers policy.

Question 65

To meet regulatory requirements, a Security Engineer needs to implement an IAM policy that restricts the use of AWS services to the us-east-1 Region.

What policy should the Engineer implement?

Options:

A. Option A

B. Option B

C. Option C

D. Option D

Question 66

Your company has a set of EC2 Instances defined in IAM. These EC2 Instances have strict security groups attached to them. You need to ensure that changes to the Security groups are noted and acted on accordingly. How can you achieve this?

Please select:

Options:

A. Use CloudWatch logs to monitor the activity on the Security Groups. Use filters to search for the changes and use SNS for the notification.

B. Use CloudWatch metrics to monitor the activity on the Security Groups. Use filters to search for the changes and use SNS for the notification.

C. Use IAM inspector to monitor the activity on the Security Groups. Use filters to search for the changes and use SNS for the notification.

D. Use CloudWatch events to be triggered for any changes to the Security Groups. Configure the Lambda function for email notification as well.

Question 67

A company has deployed servers on Amazon EC2 instances in a VPC. External vendors access these servers over the internet. Recently, the company deployed a new application on EC2 instances in a new CIDR range. The company needs to make the application available to the vendors.

A security engineer verified that the associated security groups and network ACLs are allowing the required ports in the inbound direction. However, the vendors cannot connect to the application.

Which solution will provide the vendors access to the application?

Options:

A. Modify the security group that is associated with the EC2 instances to have the same outbound rules as inbound rules.

B. Modify the network ACL that is associated with the CIDR range to allow outbound traffic to ephemeral ports.

C. Modify the inbound rules on the internet gateway to allow the required ports.

D. Modify the network ACL that is associated with the CIDR range to have the same outbound rules as inbound rules.

Exam Code: SCS-C02
Exam Name: AWS Certified Security - Specialty
Last Update: Dec 27, 2024
Questions: 338