Amazon SCS-C02 Exam Dumps - Updated Apr 2024

A company has a web-based application that runs behind an Application Load Balancer (ALB). The application is experiencing a credential stuffing attack that is producing many failed login attempts. The attack is coming from many IP addresses. The login attempts are using a user agent string of a known mobile device emulator.

A security engineer needs to implement a solution to mitigate the credential stuffing attack. The solution must still allow legitimate logins to the application.

Which solution will meet these requirements?

ACreate an Amazon CloudWatch alarm that reacts to login attempts that contain the specified user agent string. Add an Amazon Simple Notification Service (Amazon SNS) topic to the alarm.

BModify the inbound security group on the ALB to deny traffic from the IP addresses that are involved in the attack.

CCreate an AWS WAF web ACL for the ALB. Create a custom rule that blocks requests that contain the user agent string of the device emulator.

DCreate an AWS WAF web ACL for the ALB Create a custom rule that allows requests from legitimate user agent strings

Question 2

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.

What should the security engineer do to resolve this error?

AReplace the KSK with a zone-signing key (ZSK).

BDeactivate and then activate the KSK.

CCreate a Delegation Signer (DS) record in the parent hosted zone.

DCreate a Delegation Signer (DS) record in the subdomain.

Question 3

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances ttjat do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

AProvide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to indicate that the AMIs have the required software. Configure an SCP that allows new EC2 instances to be launched only if the instances have the tagged AMIs. Tag all existing EC2 instances.

BConfigure a custom patch baseline in Systems Manager Patch Manager. Add the package name for the required software to the approved packages list. Associate the new patch baseline with all EC2 instances. Set up a maintenance window for software deployment.

CCentrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS Config rule for all accounts Create an Amazon EventBridge rule that reacts to AWS Config events. Configure the EventBridge rule to invoke an AWS Lambda function that uses Systems Manager Run Command to install the required software.

DCreate a new Systems Manager Distributor package for the required software. Specify the download location. Select all EC2 instances in the different accounts. Install the software by using Systems Manager Run Command.

Question 4

A company needs to create a centralized solution to analyze log files. The company uses an organization in AWS Organizations to manage its AWS accounts.

The solution must aggregate and normalize events from the following sources:

* The entire organization in Organizations

* All AWS Marketplace offerings that run in the company's AWS accounts

* The company's on-premises systems

Which solution will meet these requirements?

AConfigure a centralized Amazon S3 bucket for the logs Enable VPC Flow Logs, AWS CloudTrail, and Amazon Route 53 logs in all accounts. Configure all accounts to use the centralized S3 bucket. Configure AWS Glue crawlers to parse the log files Use Amazon Athena to query the log data.

BConfigure log streams in Amazon CloudWatch Logs for the sources that need monitoring. Create log subscription filters for each log stream. Forward the messages to Amazon OpenSearch Service for analysis.

CSet up a delegated Amazon Security Lake administrator account in Organizations. Enable and configure Security Lake for the organization. Add the accounts that need monitoring. Use Amazon Athena to query the log data.

DApply an SCP to configure all member accounts and services to deliver log files to a centralized Amazon S3 bucket. Use Amazon OpenSearch Service to query the centralized S3 bucket for log entries.

Question 5

A security engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.

Which solution meets these requirements?

AUse AWS KMS with AWS managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 to remove the keys if necessary.

BUse KMS with AWS imported key material and then use the DeletelmportedKeyMaterial API to remove the key material if necessary.

CUse AWS CloudHSM to store the keys and then use the CloudHSM API or the PKCS11 library to delete the keys if necessary.

DUse the Systems Manager Parameter Store to store the keys and then use the service API operations to delete the keys if necessary.

Unlock All Features of Amazon SCS-C02 Dumps Software

Just have a look at the best and updated features of our SCS-C02 dumps which are described in detail in the following tabs. We are very confident that you will get the best deal on this platform.

Select Question
Types you want

Set your desired
pass percentage

Allocate Time
(Hours: Minutes)

Create Multiple
Practice test with
limited questions

Customer
Support

Latest Success Metrics For actual SCS-C02 Exam

This is the best time to verify your skills and accelerate your career. Check out last week's results, more than 90% of students passed their exam with good scores. You may be the Next successful Candidate.

95%

Average Passing Scores in final Exam

91%

Exactly Same Questions from these dumps

90%

Customers Passed Amazon SCS-C02 exam

Get Amazon SCS-C02 Exam Dumps

Amazon AWS Certified Security - Specialty Exam Dumps

This Bundle Pack includes Following 3 Formats

SCS-C02 Desktop Practice
Test Software

SCS-C02 Questions & Answers
(PDF)

SCS-C02 Web Based Self Assessment Practice Test

Following are some SCS-C02 Exam Questions for Review

Unlock All Features of Amazon SCS-C02 Dumps Software

Latest Success Metrics For actual SCS-C02 Exam

Get Amazon SCS-C02 Exam Dumps

Amazon AWS Certified Security - Specialty Exam Dumps

This Bundle Pack includes Following 3 Formats

SCS-C02 Desktop Practice Test Software

SCS-C02 Questions & Answers (PDF)

SCS-C02 Web Based Self Assessment Practice Test

Following are some SCS-C02 Exam Questions for Review

Unlock All Features of Amazon SCS-C02 Dumps Software

Latest Success Metrics For actual SCS-C02 Exam

SCS-C02 Desktop Practice
Test Software

SCS-C02 Questions & Answers
(PDF)