Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

AWS Certified Specialty SCS-C02 Exam Dumps

Page: 18 / 24
Question 72

A company manages multiple AWS accounts using AWS Organizations. The company's security team notices that some member accounts are not sending AWS CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured for all existing accounts and for any account that is created in the future.

Which set of actions should the security team implement to accomplish this?

Options:

A.

Create a new trail and configure it to send CloudTraiI logs to Amazon S3. Use Amazon EventBridge to send notification if a trail is deleted or stopped.

B.

Deploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed.

C.

Edit the existing trail in the Organizations management account and apply it to the organization.

D.

Create an SCP to deny the cloudtraiI:DeIete• and cloudtraiI:Stop• actbns. Apply the SCP to all accounts.

Question 73

An ecommerce website was down for 1 hour following a DDoS attack Users were unable to connect to the website during the attack period. The ecommerce company's security team is worried about future potential attacks and wants to prepare for such events The company needs to minimize downtime in its response to similar attacks in the future.

Which steps would help achieve this9 (Select TWO )

Options:

A.

Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.

B.

Subscribe to IAM Shield Advanced and reach out to IAM Support in the event of an attack.

C.

Use VPC Flow Logs to monitor network: traffic and an IAM Lambda function to automatically block an attacker's IP using security groups.

D.

Set up an Amazon CloudWatch Events rule to monitor the IAM CloudTrail events in real time use IAM Config rules to audit the configuration, and use IAM Systems Manager for remediation.

E.

Use IAM WAF to create rules to respond to such attacks

Question 74

An Incident Response team is investigating an IAM access key leak that resulted in Amazon EC2 instances being launched. The company did not discover the incident until many months later The Director of Information Security wants to implement new controls that will alert when similar incidents happen in the future

Which controls should the company implement to achieve this? {Select TWO.)

Options:

A.

Enable VPC Flow Logs in all VPCs Create a scheduled IAM Lambda function that downloads and parses the logs, and sends an Amazon SNS notification for violations.

B.

Use IAM CloudTrail to make a trail, and apply it to all Regions Specify an Amazon S3 bucket to receive all the CloudTrail log files

C.

Add the following bucket policy to the company's IAM CloudTrail bucket to prevent log tampering

{

"Version": "2012-10-17-,

"Statement": {

"Effect": "Deny",

"Action": "s3:PutObject",

"Principal": "-",

"Resource": "arn:IAM:s3:::cloudtrail/IAMLogs/111122223333/*"

}

}

Create an Amazon S3 data event for an PutObject attempts, which sends notifications to an Amazon SNS topic.

D.

Create a Security Auditor role with permissions to access Amazon CloudWatch Logs m all Regions Ship the logs to an Amazon S3 bucket and make a lifecycle policy to ship the logs to Amazon S3 Glacier.

E.

Verify that Amazon GuardDuty is enabled in all Regions, and create an Amazon CloudWatch Events rule for Amazon GuardDuty findings Add an Amazon SNS topic as the rule's target

Question 75

A company's Chief Security Officer has requested that a Security Analyst review and improve the security posture of each company IAM account The Security Analyst decides to do this by Improving IAM account root user security.

Which actions should the Security Analyst take to meet these requirements? (Select THREE.)

Options:

A.

Delete the access keys for the account root user in every account.

B.

Create an admin IAM user with administrative privileges and delete the account root user in every account.

C.

Implement a strong password to help protect account-level access to the IAM Management Console by the account root user.

D.

Enable multi-factor authentication (MFA) on every account root user in all accounts.

E.

Create a custom IAM policy to limit permissions to required actions for the account root user and attach the policy to the account root user.

F.

Attach an IAM role to the account root user to make use of the automated credential rotation in IAM STS.

Page: 18 / 24
Exam Code: SCS-C02
Exam Name: AWS Certified Security - Specialty
Last Update: Apr 15, 2024
Questions: 327
SCS-C02 pdf

SCS-C02 PDF

$32  $80
SCS-C02 Engine

SCS-C02 Testing Engine

$38  $95
SCS-C02 PDF + Engine

SCS-C02 PDF + Testing Engine

$52  $130