Summer Certification Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SCS-C03 Exam Dumps - AWS Certified Security – Specialty

Searching for workable clues to ace the Amazon Web Services SCS-C03 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s SCS-C03 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:
Question # 4

A company uses AWS to run a web application that manages ticket sales in several countries. The company recently migrated the application to an architecture that includes Amazon API Gateway, AWS Lambda, and Amazon Aurora Serverless. The company needs the application to comply with Payment Card Industry Data Security Standard (PCI DSS) v4.0. A security engineer must generate a report that shows the effectiveness of the PCI DSS v4.0 controls that apply to the application. The company ' s compliance team must be able to add manual evidence to the report.

Which solution will meet these requirements?

A.

Enable AWS Trusted Advisor. Configure all the Trusted Advisor checks. Manually map the checks against the PCI DSS v4.0 standard to generate the report.

B.

Enable and configure AWS Config. Deploy the Operational Best Practices for PCI DSS conformance pack in AWS Config. Use AWS Config to generate the report.

C.

Enable AWS Security Hub. Enable the Security Hub PCI DSS security standard. Use the AWS Management Console to download the report from the security standard.

D.

Create an AWS Audit Manager assessment that uses the AWS managed PCI DSS v4.0 standard framework. Add all evidence to the assessment. Generate the report in Audit Manager for download.

Full Access
Question # 5

A company’s developers are using AWS Lambda function URLs to invoke functions directly. Thecompany must ensure that developers cannot configure or deploy unauthenticated functions in production accounts. The company wants to meet this requirement by using AWS Organizations. The solution must not require additional work for the developers.

Which solution will meet these requirements?

A.

Require the developers to configure all function URLs to support cross-origin resource sharing (CORS) when the functions are called from a different domain.

B.

Use an AWS WAF delegated administrator account to view and block unauthenticated access to function URLs in production accounts, based on the OU of accounts that are using the functions.

C.

Use SCPs to allow all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of AWS_IAM.

D.

Use SCPs to deny all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of NONE.

Full Access
Question # 6

A company uses SAML federation with IAM to provide internal users with SSO for their AWS accounts. The company’s identity provider certificate was rotated as part of its normal lifecycle. Shortly after, users started receiving the following error when attempting to log in:

“Error: Response Signature Invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken)”

A security engineer needs to address the immediate issue and ensure that it will not occur again.

Which combination of steps should the security engineer take to accomplish this? (Select TWO.)

A.

Download a new copy of the SAML metadata file from the identity provider. Create a new IAM identity provider entity. Upload the new metadata file to the new IAM identity provider entity.

B.

During the next certificate rotation period and before the current certificate expires, add a new certificate as the secondary certificate to the identity provider. Generate a new metadata file and upload it to the IAM identity provider entity. Perform automated or manual rotation of the certificate when required.

C.

Download a new copy of the SAML metadata file from the identity provider. Upload the new metadata to the IAM identity provider entity configured for the SAML integration in question.

D.

During the next certificate rotation period and before the current certificate expires, add a new certificate as the secondary certificate to the identity provider. Generate a new copy of the metadata file and create a new IAM identity provider entity. Upload the metadata file to the new IAM identity provider entity. Perform automated or manual rotation of the certificate when required.

E.

Download a new copy of the SAML metadata file from the identity provider. Create a new IAM identity provider entity. Upload the new metadata file to the new IAM identity provider entity. Update the identity provider configurations to pass a new IAM identity provider entity name in the SAML assertion.

Full Access
Question # 7

A company needs to identify the root cause of security findings and investigate IAM roles involved in those findings. The company has enabled VPC Flow Logs, Amazon GuardDuty, and AWS CloudTrail.

Which solution will meet these requirements?

A.

Use Amazon Detective to investigate IAM roles and visualize findings.

B.

Use Amazon Inspector and CloudWatch dashboards.

C.

Export GuardDuty findings to S3 and analyze with Athena.

D.

Use Security Hub custom actions to investigate IAM roles.

Full Access
Question # 8

A company has an organization with all features enabled in AWS Organizations. In the management account, the company configures AWS IAM Identity Center for the organization in the eu-west-2 Region. The company configures IAM Identity Center with a SAML-based identity provider.

The company needs to configure an AWS managed application that integrates with IAM Identity Center in a new AWS account in the us-east-1 Region. Most of the users that will authenticate to the AWS managed application are external third-party users who cannot be added to the company’s identity provider.

A security engineer needs to configure authentication for the third-party users. The solution must provide isolation from the company’s identity provider.

Which solution will meet these requirements?

A.

Create a SAML identity provider in IAM in the management account that connects to the third-party users’ identity provider. Create IAM roles in the management account that allow access to the AWS managed application.

B.

Deploy Amazon Cognito into the new AWS account in us-east-1. Configure an identity pool for a SAML-based identity provider. Configure an IAM role that uses the sts:AssumeRole action to allow access to the AWS managed application from Amazon Cognito.

C.

Enable account instances in IAM Identity Center. Deploy an IAM Identity Center account instance in the new AWS account in us-east-1. Configure the AWS managed application to use the new instance. Configure users in the new account instance directory.

D.

Create a new identity provider for the third-party users. Configure a second identity source in IAM Identity Center in the organization’s management account to use the new identity provider. Create a new permission set that gives access to the AWS managed application in the new account.

Full Access
Go to page: