Free Access Amazon Web Services SCS-C01 New Release

Option B is incorrect because querying Trusted Advisor API's are not possible

Option C is incorrect because GuardDuty should be used to detect threats and not check the compliance of security protocols.

Option D states that Run Amazon Inspector using runtime behavior analysis rules which will analyze the behavior of your instances during an assessment run, and provide guidance about how to make your EC2 instances more secure.

Insecure Server Protocols

This rule helps determine whether your EC2 instances allow support for insecure and unencrypted ports/services such as FTP, Telnet HTTP, IMAP, POP version 3, SMTP, SNMP versions 1 and 2, rsh, and rlogin.

For more information, please refer to below URL: https://docs.IAM.amazon.eom/mspector/latest/userguide/inspector_runtime-behavior-analysis.html#insecure-protocols

(

The correct answer is: Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.

Submit your Feedback/Queries to our Experts

Since the database should not be hosted on the cloud all other options are invalid.

The best option is to create a VPN connection for securing traffic as shown below.

C:\Users\wk\Desktop\mudassar\Untitled.jpg

Option B is invalid because this is the incorrect use of the Storage gateway Option C is invalid since this is the incorrect use of the NAT instance Option D is invalid since this is an incorrect configuration For more information on VPN connections, please visit the below URL

http://docs.IAM.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.htmll

The correct answer is: Build the application server on a public subnet and the database at the client's data center. Connect them with a VPN connection which uses IPsec

Submit your Feedback/Queries to our Experts

In order to use your own DNS server, you need to ensure that you create a new custom DHCP options set with the IP of th custom DNS server. You cannot modify the existing set, so you need to create a new one.

Option A is invalid because you cannot make changes to an existing DHCP options Set.

Option C is invalid because this can only be used to work with Routes and not with a custom DNS solution.

Option D is invalid because this needs to be done at the VPC level and not at the Subnet level

For more information on DHCP options set, please visit the following url

https://docs.IAM.amazon.com/AmazonVPC/latest/UserGuideA/PC DHCP Options.html

The correct answer is: Create a new DHCP options set and replace the existing one. Submit your Feedback/Queries to our Experts

The best secure option is to place the database in a private subnet. The below diagram from the IAM Documentation shows this setup. Also ensure that access is not allowed from all sources but just from the web servers.

C:\Users\wk\Desktop\mudassar\Untitled.jpg

Option A is invalid because databases should not be placed in the public subnet

Option D is invalid because the database security group should not allow traffic from the internet For more information on this type of setup, please refer to the below URL:

https://docs.IAM.amazon.com/AmazonVPC/latest/UserGuideA/PC Scenario2.

The correct answers are: Place the EC2 Instance with the Oracle database in a separate private subnet Create a database security group and ensure the web security group to allowed incoming access

Submit your Feedback/Queries to our Experts