AWS Certified Specialty SCS-C01 Exam Dumps

Page: 38 / 43

Question 152

A company is operating an open-source software platform that is internet facing. The legacy software platform no longer receives security updates. The software platform operates using Amazon route 53 weighted load balancing to send traffic to two Amazon EC2 instances that connect to an Amazon POS cluster a recent report suggests this software platform is vulnerable to SQL injection attacks. with samples of attacks provided. The company's security engineer must secure this system against SQL injection attacks within 24 hours. The secure, engineer's solution involve the least amount of effort and maintain normal operations during implementation.

What should the security engineer do to meet these requirements?

Options:

Create an Application Load Balancer with the existing EC2 instances as a target group Create an IAM WAF web ACL containing rules mat protect the application from this attach. then apply it to the ALB Test to ensure me vulnerability has been mitigated, then redirect thee Route 53 records to point to the ALB Update security groups on the EC 2 instances to prevent direct access from the internet

Create an Amazon CloudFront distribution specifying one EC2 instance as an origin Create an IAM WAF web ACL containing rules that protect the application from this attack, then apply it to me distribution Test to ensure the vulnerability has mitigated, then redirect the Route 53 records to point to CloudFront

Obtain me latest source code for the platform and make ire necessary updates Test me updated code to ensure that the vulnerability has been irrigated, then deploy me patched version of the platform to the EC2 instances

Update the security group mat is attached to the EC2 instances, removing access from the internet to the TCP port used by the SQL database Create an IAM WAF web ACL containing rules mat protect me application from this attack, men apply it to the EC2 instances Test to ensure me vulnerability has been mitigated. then restore the security group to me onginal setting

Question 153

A company had one of its Amazon EC2 key pairs compromised. A Security Engineer must identify which current Linux EC2 instances were deployed and used the compromised key pair.

How can this task be accomplished?

Options:

Obtain the list of instances by directly querying Amazon EC2 using: IAM ec2 describe-instances --fi1ters "Name=key-name,Values=KEYNAMEHERE".

Obtain the fingerprint for the key pair from the IAM Management Console, then search for the fingerprint in the Amazon Inspector logs.

Obtain the output from the EC2 instance metadata using: curl http: //169.254.169.254/latest/meta-data/public- keys/0/.

Obtain the fingerprint for the key pair from the IAM Management Console, then search for the fingerprint in Amazon CloudWatch Logs using: IAM logs filter-log-events.

Question 154

A security engineer must use IAM Key Management Service (IAM KMS) to design a key management solution for a set of Amazon Elastic Block Store (Amazon EBS) volumes that contain sensitive data. The solution needs to ensure that the key material automatically expires in 90 days.

Which solution meets these criteria?

Options:

A customer managed CMK that uses customer provided key material

A customer managed CMK that uses IAM provided key material

An IAM managed CMK

Operating system-native encryption that uses GnuPG

Question 155

A Security Engineer has been asked to troubleshoot inbound connectivity to a web server. This single web server is not receiving inbound connections from the internet, whereas all other web servers are functioning properly.

The architecture includes network ACLs, security groups, and a virtual security appliance. In addition, the Development team has implemented Application Load Balancers (ALBs) to distribute the load across all web servers. It is a requirement that traffic between the web servers and the internet flow through the virtual security appliance.

The Security Engineer has verified the following:

1. The rule set in the Security Groups is correct

2. The rule set in the network ACLs is correct

3. The rule set in the virtual appliance is correct

Which of the following are other valid items to troubleshoot in this scenario? (Choose two.)

Options:

Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to a NAT gateway.

Verify which Security Group is applied to the particular web server’s elastic network interface (ENI).

Verify that the 0.0.0.0/0 route in the route table for the web server subnet points to the virtual security appliance.

Verify the registered targets in the ALB.

Verify that the 0.0.0.0/0 route in the public subnet points to a NAT gateway.

Page: 38 / 43

Exam Code: SCS-C01

Exam Name: AWS Certified Security - Specialty

Last Update: Sep 13, 2023

Questions: 589

SCS-C01 PDF

$28 ~~$80~~

Add to Cart

SCS-C01 Testing Engine

$33.25 ~~$95~~

Add to Cart

SCS-C01 PDF + Testing Engine

$45.5 ~~$130~~

Add to Cart

Labour Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

certsboard certification exams

Navigation:

AWS Certified Specialty SCS-C01 Exam Dumps

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

SCS-C01 PDF

SCS-C01 Testing Engine

SCS-C01 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure