Free Amazon SCS-C02 Exam Questions

Become Amazon Certified with updated SCS-C02 exam questions and correct answers

Page: 1 / 114

Total 569 Questions | Updated On: Jan 12, 2026

Add To Cart

Question 1

A company is deploying a solution that will allow users to encrypt Amazon S3 objects seamlessly. The solution must be cost effective, highly scalable, and use a managed service. The company must also be able to immediately delete the encryption keys if necessary.Which solution is suitable and will allow immediate deletion of encryption keys?

A : Use AWS CloudHSM to store the keys and then use the CloudHSM API for key deletion.

B : Use AWS KMS with AWS imported key material and then use the DeletelmportedKeyMaterial API to remove the key material.

C : Use AWS KMS with AWS imported key material and then use the DeletelmportedKeyMaterial API to remove the key material.

D : Use AWS CloudHSM with the importPrivateKey API and then use the deleteKey API for key deletion.

Answer: B

Question 2

A company manages multiple IAM accounts using IAM Organizations. The company's security team notices that some member accounts are not sending IAM CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured (or all existing accounts and for any account that is created in the future. Which set of actions should the security team implement to accomplish this?

A : Create a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge (Amazon CloudWatch Events) to send notification if a trail is deleted or stopped.

B : Deploy an IAM Lambda function in every account to check if there is an existing trail and create a new trail, if needed.

C : Edit the existing trail in the Organizations master account and apply it to the organization.

D : Create an SCP to deny the cloudtrail:Delete" and cloudtrail:Stop' actions. Apply the SCP to all accounts.

Answer: C

Question 3

A company's security engineer receives an abuse notification from AWS. The notification indicates that malware is being hosted in the AWS account. The security engineer investigated the issue and found an unauthorized Amazon S3 bucket.

Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise? (Select THREE.)

A : ke a snapshot of all Amazon EBS volumes.

B : able the AWS Shield Advanced service.

C : lete any unauthorized IAM users.

D : lete any unauthorized resources.

E : tate and delete all root and IAM access keys.

F : gin as root and delete all IAM users.

Answer: A,C,D

Question 4

A new application requires an AWS KMS key for encrypting sensitive data. The security policy requires that separate keys are used for different AWS services.How can the AWS KMS key be constrained to work with only Amazon S3?

A : Configure the key policy with a kms:CallerAccount condition key that limits use of the KMS key to identities in the specific AWS account.

B : Configure the key policy with a kms:RequestAlias condition key that limits use of the KMS key to requests that use a specific alias.

C : Configure the key policy with a kms:ViaService condition key that limits use of the KMS key to the Amazon S3 service name.

D : Configure the key policy with a kms:ViaService condition key that limits use of the KMS key to the Amazon S3 service name.

Answer: C

Question 5

An AWS Lambda function has started to cause errors in an application and a security engineer must check the output of the function. The engineer checked Amazon CloudWatch Logs but could not find any log files for the Lambda function.What is the best explanation for why the logs are not available?

A : The Lambda function does not have monitoring enabled to execution output is not being logged.

B : The log output is stored in AWS X-Ray so the security engineer must check there instead

C : The Lambda function execution role does not have permissions to write to Amazon S3.

D : The Lambda function execution role does not have permissions to write to CloudWatch Logs.

Answer: D

Page: 1 / 114

Total 569 Questions | Updated On: Jan 12, 2026

Add To Cart