Preparing for your SCS-C01 AWS Certified Security - Specialty Exam? Passquestion provides SCS-C01 Practice Test Questions which cover over 95% of the questions and answers that may be appeared in your SCS-C01 exam. Every point from Passquestion SCS-C01 Practice Test Questions will help you take SCS-C01 Certification Exam much easier and become certified in a short time.

SCS-C01 AWS Certified Security - Specialty

AWS Certified Security – Specialty is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads.This exam validates an examinee's ability to effectively demonstrate knowledge about securing the AWS platform.It validate your technical skills and expertise with an industry-recognized credential and grow your career.

SCS-C01 Exam Format and Information

Exam Name AWS Certified Security - Specialty
Exam Code SCS-C01
Exam Duration 170 Minutes
Exam Format Multiple Choice and Multiple Answer Type Exam
Exam Type Specialty
Number of Questions 65 Questions
Passing Score 75%-80%
Exam Fee $300
Exam Languages English and Japanese, Korean, Simplified Chinese

Recommended Knowledge

At least two years of hands-on experience securing AWS workloads
Security controls for workloads on AWS
A minimum of five years of IT security experience designing and implementing security solutions

Exam Layout In SCS-C01 AWS Certified Security - Specialty

Download AWS SCS-C01 Practice Test Questions:

1.The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done within AWS?
A. Use the AWS CloudTrail console to search for user activity.
B. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
C. Use AWS Config to see what actions were taken by the user.
D. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.
Answer: A

2.The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate¬vault-lock12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this?
A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lockagain.
B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
C. Update the policy, keeping the vault lock in place.
D. Update the policy and call initiate-vault-lock again to apply the new policy.
Answer: A

3.A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
A. AWS IAM groups
B. AWS IAM users
C. AWS IAM roles
D. AWS IAM access keys
Answer: C

4.A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)
A. The external ID used by the Auditor is missing or incorrect.
B. The Auditor is using the incorrect password.
C. The Auditor has not been granted sts:AssumeRolefor the role in the destination account.
D. The Amazon EC2 role used by the Auditor must be set to the destination account role.
E. The secret key used by the Auditor is missing or incorrect.
F. The role ARN used by the Auditor is missing or incorrect.
Answer: CEF

5.Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability.
Which of the following solutions will meet these requirements?
A. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection between the load balancer and the EC2 instances.
B. Route all traffic throughout a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances.
C. Create an HTTPS listener using an Application Load Balancer, and route all of the communication through that load balancer.
D. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn and SSL connection between the load balancer and the EC2 instances.
Answer: C