SCS-C02 Exam Dumps - Amazon Web Services AWS Certified Specialty Questions and Answers

In the statement block that contains the Sid "Allow use of the key", under the "Condition" block, change StringEquals to StringLike.

In the policy document, remove the statement Dlock that contains the Sid "Enable IAM User Permissions". Add key management policies to the KMS policy.

In the statement block that contains the Sid "Allow use of the Key", under the "Condition" block, change the Kms:ViaService value to ec2.us-east-1 .amazonIAM com.

In the policy document, add a new statement block that grants the kms:Disable' permission to the security engineer's IAM role.

Use IPv6 addresses that are configured for hostnames.

Configure external DNS resolvers as internal resolvers that are visible only to IAM.

Use IAM DNS resolvers for all EC2 instances.

Configure a third-party DNS resolver with logging for all EC2 instances.

Scan the EC2 instances by using Amazon Inspector. Apply security patches and updates by using AWS Systems Manager Patch Manager.

Install host-based firewall and antivirus software on each EC2 instance. Use AWS Systems Manager Run Command to update the firewall and antivirus software.

Install the Amazon CloudWatch agent on the EC2 instances. Enable detailed logging. Use Amazon EventBridge to review the software logs for anomalies.

Scan the EC2 instances by using Amazon GuardDuty Malware Protection. Apply security patches and updates by using AWS Systems Manager Patch Manager.

Use the aws kms encrypt command to encrypt the file by using the existing KMS key.

Use the aws kms create-grant command to generate a grant for the existing KMS key.

Use the aws kms encrypt command to generate a data key. Use the plaintext data key to encrypt the file.

Use the aws kms generate-data-key command to generate a data key. Use the encrypted data key to encrypt the file.

Configure read-only access to the object by using a bucket ACL. Remove the access after a set time has elapsed.

Implement an IAM policy to give the user read access to the S3 bucket.

Create an S3 presigned URL Provide the S3 presigned URL to the user through the application.

Create an Amazon CloudFront signed URL. Provide the CloudFront signed URL to the user through the application.

Provide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to indicate that the AMIs have the required software. Configure an SCP that allows new EC2 instances to be launched only if the instances have the tagged AMIs. Tag all existing EC2 instances.

Configure a custom patch baseline in Systems Manager Patch Manager. Add the package name for the required software to the approved packages list. Associate the new patch baseline with all EC2 instances. Set up a maintenance window for software deployment.

Centrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS Config rule for all accounts Create an Amazon EventBridge rule that reacts to AWS Config events. Configure the EventBridge rule to invoke an AWS Lambda function that uses Systems Manager Run Command to install the required software.

Create a new Systems Manager Distributor package for the required software. Specify the download location. Select all EC2 instances in the different accounts. Install the software by using Systems Manager Run Command.

Create one IAM user in the production account. Grant the appropriate permissions to the resources that are needed. Share the password only with the users that need access.

Create cross-account access with an IAM role in the developer account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

Create cross-account access with an IAM user account in the production account. Grant the appropriate permissions to this user account. Allow users in the developer account to use this user account to access the production resources.

Create cross-account access with an IAM role in the production account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.

Update the EC2 instance security group to add a rule that allows outbound traffic on port 443 for 0.0.0.0/0.

Update the EC2 instance security group to add a rule that allows inbound traffic on port 443 to the VPC's CIDR range.

Create an EC2 key pair. Associate the key pair with the EC2 instance.

Create a VPC interface endpoint for Systems Manager in the VPC where the EC2 instance islocated.

Attach a security group to the VPC interface endpoint. Allow inbound traffic on port 443 to the VPC's CIDR range.

Create a VPC interface endpoint for the EC2 instance in the VPC where the EC2 instance is located.

Option

Option

Option

Option D

Create an AWS WAF web ACL. Add the AWSManagedRulesACFPRuleSet rule group to the web ACL. Associate the web ACL with the CloudFront distribution.

Create an AWS WAF web ACL. Add a rate limit rule to the web ACL. Include a RateBasedStatement entry that has a SearchString value that points to /store/registration

Specify /store/registration as the registration page path Specify /store/newaccount as the account creation path

Enable AWS Shield Advanced for the account that hosts the CloudFront distribution Configure a DNS-specific custom mitigation that uses the Shield Response Team (SRT) for /store/newaccount.

Enable Amazon GuardOuty for the account that hosts the CloudFront distribution. Enable Lambda Protection for the Lambda functions that answer calls to /store/registration and /store/newaccount.