AWS SCS-C01 practice test

QUESTION 1

A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized
access. Which actions must the Security Engineer take to address these audit findings? (Choose three.)

QUESTION 2

One of your company's EC2 Instances has been compromised. The company has strict po thorough investigation on
finding the culprit for the security breach. What would you do from the options given below? Please select: (Choose three.)

QUESTION 3

A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with
certain regulatory standards. Which of the following actions should the Engineer perform to get further guidance?

QUESTION 4

A corporate cloud security policy states that communications between the company's VPC and KMS must travel
entirely within the AWS network and not use public service endpoints. Which combination of the following actions MOST
satisfies this requirement? (Choose two.)

QUESTION 5

Some highly sensitive analytics workloads are to be moved to Amazon EC2 hosts. Threat modeling has found that a risk
exists where a subnet could be maliciously or accidentally exposed to the internet. Which of the following mitigations
should be recommended?

QUESTION 6

A company wants to use CloudTrail for logging all API activity. They want to segregate the logging of data events and
management events. How can this be achieved? Choose 2 answers from the options given below. Please select: (Choose two.)

QUESTION 7

A Web Administrator for the website example.com has created an Amazon CloudFront distribution for
dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate
Manager. Which combination of steps is required to ensure the availability of the certificate in the CloudFront console?
(Choose two.)

QUESTION 8

Your company has an EC2 Instance hosted in AWS. This EC2 Instance hosts an application. Currently, this application
is experiencing a number of issues. You need to inspect the network packets to see what type of error is
occurring. Which one of the below steps can help address this issue?
Please select:

QUESTION 9

Your company has mandated that all data in AWS be encrypted at rest. How can you achieve this for EBS volumes?
Choose 2 answers from the options given below. Please select: (Choose two.)

QUESTION 10

Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc., be disabled on all servers.
The security team would like to regularly check all servers to ensure compliance with this requirement by using a
scheduled CloudWatch event to trigger a review of the current infrastructure. What process will check compliance of the
company's EC2 instances?
Please select:

QUESTION 11

You have an Amazon VPC that has a private subnet and a public subnet in which you have a NAT instance server. You
have created a group of EC2 instances that configure themselves at startup by downloading a bootstrapping script from
S3 that deploys an application via Git.
Which one of the following setups would give us the highest level of security?
Choose the correct answer from the options given below.
Please select:

QUESTION 12

An Application Developer is using an AWS Lambda function that must use AWS KMS to perform encrypt and decrypt
operations for API keys that are less than 2 KB.
Which key policy would allow the application to do this while granting the least privilege?

QUESTION 13

Your company has a requirement to monitor all root user activity by notification. How can this best be achieved? Choose
2 answers from the options given below. Each answer forms part of the solution. Please select: (Choose two.)