Pass SCS-C01 Exam Questions ~ 100% success in initial try

Question No 1

A global company that deals with International finance is investing heavily in cryptocurrencies and wants to experiment with mining technologies using AWS. The company's security team has enabled Amazon GuardDuty and is concerned by the number of findings being generated by the accounts. The security team wants to minimize the possibility of GuardDuty finding false negatives for compromised instances that are performing mining How can the security team continue using GuardDuty while meeting these requirements?

Choose the Choices:

In the GuardDuty console, select the CryptoCurrency:EC2/BitcoinTool B'DNS finding and use the suppress findings option

Create a custom AWS Lambda function to process newly detected GuardDuty alerts Process the CryptoCurrency EC2/BitcoinTool BIDNS alert and filter out the high - severity finding types only.

When creating a new Amazon EC2 Instance, provide the instance with a specific tag that indicates it is performing mining operations Create a custom AWS Lambda function to process newly detected GuardDuty alerts and filter for the presence of this tag

When GuardDuty produces a cryptocurrency finding, process the finding with a custom AWS Lambda function to extract the instance ID from the finding Then use the AWS Systems Manager Run Command to check for a running process performing mining operations

Question No 2

A security engineer must develop an encryption tool for a company. The company requires a cryptographic solution that supports the ability to perform cryptographic erasure on all resources protected by the key material in 15 minutes or less Which AWS Key Management Service (AWS KMS) key solution will allow the security engineer to meet these requirements?

Choose the Choices:

Question No 3

A security engineer is designing a solution that will provide end - to - end encryption between clients and Docker containers running In Amazon Elastic Container Service (Amazon ECS). This solution will also handle volatile traffic patterns Which solution would have the MOST scalability and LOWEST latency?

Choose the Choices:

Configure a Network Load Balancer to terminate the TLS traffic and then re - encrypt the traffic to the containers

Configure an Application Load Balancer to terminate the TLS traffic and then re - encrypt the traffic to the containers

Configure a Network Load Balancer with a TCP listener to pass through TLS traffic to the containers

Configure Amazon Route 53 to use multivalue answer routing to send traffic to the containers

Question No 4

A company has an application hosted in an Amazon EC2 instance and wants the application to access secure strings stored in AWS Systems Manager Parameter Store When the application tries to access the secure string key value, it fails Which factors could be the cause of this failure? (Select TWO.)

Choose the Choices:

The EC2 instance role does not have decrypt permissions on the AWS Key Management Sen/ice (AWS KMS) key used to encrypt the secret

The EC2 instance role does not have read permissions to read the parameters In Parameter Store

Parameter Store does not have permission to use AWS Key Management Service (AWS KMS) to decrypt the parameter

The EC2 instance role does not have encrypt permissions on the AWS Key Management Service (AWS KMS) key associated with the secret

The EC2 instance does not have any tags associated.

Question No 5

A company is running an application on Amazon EC2 instances in an Auto Scaling group. The application stores logs locally A security engineer noticed that logs were lost after a scale - in event. The security engineer needs to recommend a solution to ensure the durability and availability of log data All logs must be kept for a minimum of 1 year for auditing purposes What should the security engineer recommend?

Choose the Choices:

Within the Auto Scaling lifecycle, add a hook to create and attach an Amazon Elastic Block Store (Amazon EBS) log volume each time an EC2 instance is created. When the instance is terminated, the EBS volume can be reattached to another instance for log review.

Create an Amazon Elastic File System (Amazon EFS) file system and add a command in the user data section of the Auto Scaling launch template to mount the EFS file system during EC2 instance creation Configure a process on the instance to copy the logs once a day from an instance Amazon Elastic Block Store (Amazon EBS) volume to a directory in the EFS file system.

Build the Amazon CloudWatch agent into the AMI used in the Auto Scaling group. Configure the CloudWatch agent to send the logs to Amazon CloudWatch Logs for review.

Within the Auto Scaling lifecycle, add a lifecycle hook at the terminating state transition and alert the engineering team by using a lifecycle notification to Amazon Simple Notification Service (Amazon SNS). Configure the hook to remain in the Terminating:Wait state for 1 hour to allow manual review of the security logs prior to instance termination.

Practice Amazon SCS-C01 Exam Questions

Question No 1

Question No 2

Question No 3

Question No 4

Question No 5

SCS-C01 Exam Features

SCS-C01 PDF Dumps