A company needs to detect unauthenticated access to its Amazon Elastic Kubernetes Service (Amazon EKS)
clusters. The company needs a solution that requires no additional configuration of the existing EKS
deployment.
Which solution will meet these requirements with the LEAST operational effort?
A security engineer has created an Amazon GuardDuty detector in several AWS accounts. The accounts are
in an organization in AWS Organizations. The security engineer needs centralized visibility of the security
findings from the detectors.
A new application runs on Amazon EC2 instances behind an Application Load Balancer. Some of the company’s other applications have recently seen attacks with high rates of requests from single IP addresses. A security engineer wants to ensure the new application is protected from such attacks.
How can the security engineer add protection to the application without permanently blocking the IP address?
A security engineer is investigating a malware infection that has spread across a set of Amazon EC2
instances. A key indicator of the compromise is outbound traffic on TCP port 2905 to a set of command and
control hosts on the internet.
The security engineer creates a network ACL rule that denies the identified outbound traffic. The security
engineer applies the network ACL rule to the subnet of the EC2 instances. The security engineer must identify
any EC2 instances that are trying to communicate on TCP port 2905.
Which solution will identify the affected EC2 instances with the LEAST operational effort?