Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Passed Exam Today SCS-C02

Page: 23 / 24
Question 92

A company is running an application in The eu-west-1 Region. The application uses an IAM Key Management Service (IAM KMS) CMK to encrypt sensitive data. The company plans to deploy the application in the eu-north-1 Region.

A security engineer needs to implement a key management solution for the application deployment in the new Region. The security engineer must minimize changes to the application code.

Which change should the security engineer make to the IAM KMS configuration to meet these requirements?

Options:

A.

Update the key policies in eu-west-1. Point the application in eu-north-1 to use the same CMK as the application in eu-west-1.

B.

Allocate a new CMK to eu-north-1 to be used by the application that is deployed in that Region.

C.

Allocate a new CMK to eu-north-1. Create the same alias name for both keys. Configure the application deployment to use the key alias.

D.

Allocate a new CMK to eu-north-1. Create an alias for eu-'-1. Change the application code to point to the alias for eu-'-1.

Question 93

Auditors for a health care company have mandated that all data volumes be encrypted at rest Infrastructure is deployed mainly via IAM CloudFormation however third-party frameworks and manual deployment are required on some legacy systems

What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?

Options:

A.

On a recurring basis, update an IAM user policies to require that EC2 instances are created with an encrypted volume

B.

Configure an IAM Config rule lo run on a recurring basis 'or volume encryption

C.

Set up Amazon Inspector rules tor volume encryption to run on a recurring schedule

D.

Use CloudWatch Logs to determine whether instances were created with an encrypted volume

Question 94

A company is evaluating the use of AWS Systems Manager Session Manager to gam access to the company's Amazon EC2 instances. However, until the company implements the change, the company must protect the key file for the EC2 instances from read and write operations by any other users.

When a security administrator tries to connect to a critical EC2 Linux instance during an emergency, the security administrator receives the following error. "Error Unprotected private key file - Permissions for' ssh/my_private_key pern' are too open".

Which command should the security administrator use to modify the private key Me permissions to resolve this error?

Options:

A.

chmod 0040 ssh/my_private_key pern

B.

chmod 0400 ssh/my_private_key pern

C.

chmod 0004 ssh/my_private_key pern

D.

chmod 0777 ssh/my_private_key pern

Question 95

Your company uses IAM to host its resources. They have the following requirements

1) Record all API calls and Transitions

2) Help in understanding what resources are there in the account

3) Facility to allow auditing credentials and logins Which services would suffice the above requirements

Please select:

Options:

A.

IAM Inspector, CloudTrail, IAM Credential Reports

B.

CloudTrail. IAM Credential Reports, IAM SNS

C.

CloudTrail, IAM Config, IAM Credential Reports

D.

IAM SQS, IAM Credential Reports, CloudTrail

Page: 23 / 24
Exam Code: SCS-C02
Exam Name: AWS Certified Security - Specialty
Last Update: Oct 10, 2024
Questions: 327
SCS-C02 pdf

SCS-C02 PDF

$28  $80
SCS-C02 Engine

SCS-C02 Testing Engine

$33.25  $95
SCS-C02 PDF + Engine

SCS-C02 PDF + Testing Engine

$45.5  $130