SCS-C02 Exam Dumps - Amazon Web Services AWS Certified Specialty Questions and Answers

Use the IAM Systems Manager Parameter Store to generate database credentials. Use an IAM profile for ECS tasks to restrict access to database credentials to specific containers only.

Use IAM Secrets Manager to store database credentials. Use an IAM inline policy for ECS tasks to restrict access to database credentials to specific containers only.

Use the IAM Systems Manager Parameter Store to store database credentials. Use IAM rolesfor ECS tasks to restrict access to database credentials lo specific containers only

Use IAM Secrets Manager to store database credentials. Use IAM roles for ECS tasks to restrict access to database credentials to specific containers only.

Add an aws:MultiFactorAuthPresent condition to therole's permissions policy.

Add an aws:MultiFactorAuthPresent condition to therole's trust policy.

Add an aws:MultiFactorAuthPresent condition to thesession policy.

Add an aws:MultiFactorAuthPresent condition to theS3 bucket policies.

Create a Security Hub custom action to assess the log group retention period.

Create a data protection policy in CloudWatch Logs to assess the log group retention period.

Create a Security Hub automation rule Configure the automation rule to assess the log group retention period.

Use the AWS Config managed rule that assesses the log group retention period Ensure that AWS Config integration is enabled in Security Hub.

Create a dedicated AWS Key Management Service (AWS KMS) customer managed key for each retail store Use the S3 Put operation to upload the objects to Amazon S3 Specify server-side encryption with AWS KMS keys (SSE-KMS) and the key ID of the store's key

Create a new AWS Key Management Service (AWS KMS) customer managed key every day for each retail store Use the KMS Encrypt operation to encrypt objects Then upload the objects to Amazon S3

Run the AWS Key Management Service (AWS KMS) GenerateDataKey operation every day for each retail store Use the data key and client-side encryption to encrypt the objects Then upload the objects to Amazon S3

Use the AWS Key Management Service (AWS KMS) ImportKeyMaterial operation to import new key material to AWS KMS every day for each retail store Use a customer managed key and the KMS Encrypt operation to encrypt the objects Then upload the objects to Amazon S3

Edit the S3 bucket policies to require requests to include the s3 x-amz-server-side-encryption header.

Edit the S3 bucket policies to require requests to include the s3 x-amz-server-side-encryption-aws-kms-key-id header.

Create an SCP that requires requests to include the s3 x-amz-server-side-encryption header Attach the SCP to the root OU.

Create an SCP that requires requests to include the s3 x-amz-server-side-encryption-customer-algorithm header Attach the SCP to the root OU.

Create a new customer managed key Add a key rotation schedule to the key Invoke the key rotation schedule every time the security team requests a key change

Create a new AWS managed key Add a key rotation schedule to the key Invoke the key rotation schedule every time the security team requests a key change

Create a key alias Create a new customer managed key every time the security team requests a key change Associate the alias with the new key

Create a key alias Create a new AWS managed key every time the security team requests a key change Associate the alias with the new key

Create a new Amazon S3 bucket. Use EBS lifecycle policies to move EBS snapshots to the new S3 bucket. Move snapshots to Amazon S3 Glacier using lifecycle policies, and apply Glacier Vault Lock policies to prevent deletion.

Use AWS Systems Manager to distribute a configuration that performs local backups of all attached disks to Amazon S3.

Create a new AWS account with limited privileges. Allow the new account to access the AWS KMS key used to encrypt the EBS snapshots, and copy the encrypted snapshots to the new account on a recurring basis.

Use AWS Backup to copy EBS snapshots to Amazon S3.

Analyze an IAM Identity and Access Management (IAM) use report from IAM Trusted Advisor to see when the access key was last used.

Analyze Amazon CloudWatch Logs for activity by searching for the access key.

Analyze VPC flow logs for activity by searching for the access key

Analyze a credential report in IAM Identity and Access Management (IAM) to see when the access key was last used.

Use a dynamic reference in the CloudFormation template to reference the database credentials in Secrets Manager.

Use a parameter in the CloudFormation template to reference the database credentials. Encrypt the CloudFormation template by using AWS KMS.

Use a SecureString parameter in the CloudFormation template to reference the database credentials in Secrets Manager.

Use a SecureString parameter in the CloudFormation template to reference an encrypted value in AWS KMS

Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.

Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.

Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.

Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.