Free Amazon SCS-C02 Exam Questions

Question 1

A security team is working on a solution that will use Amazon EventBridge (Amazon CloudWatch Events) to monitor new Amazon S3 objects. The solution will monitor for public access and for changes to any S3 bucket policy or setting that result in public access. The security team configures EventBridge to watch for specific API calls that are logged from AWS CloudTrail. EventBridge has an action to send an email notification through Amazon Simple Notification Service (Amazon SNS) to the security team immediately with details of the API call. Specifically, the security team wants EventBridge to watch for the s3:PutObjectAcl, s3:DeleteBucketPolicy, and s3:PutBucketPolicy API invocation logs from CloudTrail. While developing the solution in a single account, the security team discovers that the s3:PutObjectAcl API call does not invoke an EventBridge event. However, the s3:DeleteBucketPolicy API call and the s3:PutBucketPolicy API call do invoke an event. The security team has enabled CloudTrail for AWS management events with a basic configuration in the AWS Region in which EventBridge is being tested. Verification of the EventBridge event pattern indicates that the pattern is set up correctly. The security team must implement a solution so that the s3:PutObjectAcl API call will invoke an EventBridge event. The solution must not generate false notifications. Which solution will meet these requirements?

A : Modify the EventBridge event pattern by selecting Amazon S3. Select All Events as the event type.

B : Modify the EventBridge event pattern by selecting Amazon S3. Select Bucket Level Operations as the event type.

C : Enable CloudTrail Insights to identify unusual API activity.

D : Enable CloudTrail to monitor data events for read and write operations to S3 buckets.

Answer: D

Question 2

A company has a new web-based account management system for an online game Players create a unique username and password to log in to the system. The company has implemented an AWS WAF web ACL for the system. The web ACL includes the core rule set (CRS) AWS managed rule group on the Application Load Balancer that serves the system. The company's security team finds that the system was the target of a credential stuffing attack Credentials that were exposed in other breaches were used to try to log in to the system The security team must implement a solution to reduce the chance of a successful credential stuffing attack in the future The solution also must minimize impact on legitimate users of the system Which combination of actions will meet these requirements? (Select TWO.)

A : Create an Amazon CloudWatch custom metric to analyze the number of successful login responses from a single IP address

B : Add the account takeover prevention (ATP) AWS managed rule group to the web ACL Configure the rule group to inspect login requests to the system Block any requests that have the awswaf managed awsatp signal credential_compromised label

C : Configure a default web ACL action that requires all users to solve a CAPTCHA puzzle when they log in

D : Implement IP-based match rules in the web ACL for any IP addresses that generate many successful login responses Block any IP addresses that generate many successful logins

E : Create a custom block response that redirects users to a secure workflow to reset their password inside the system

Answer: B,E

Question 3

A company is using AWS CloudTrail is being used to monitor API calls. An audit revealed that CloudTrail is failing to deliver events to Amazon S3 as expected. A security engineer is attempting to resolve the issue. What initial actions should be taken to allow delivery of CloudTrail events to S3? (Select TWO.)

A : rify that the S3 bucket ACL grants CloudTrail access to write objects.

B : rify that versioning is enabled for the s3 bucket.

C : rify that the S3 bucket policy grants CloudTrail the s3:PutObject permission.

D : rify that the IAM role used by CloudTrail has access to write to S3

E : rify that the S3 bucket and prefix defined in CloudTrail exists.

Answer: A,C

Question 4

A DevOps engineer has deployed several custom-built images provided by the development team using Amazon Elastic Container Service (ECS) with the Fargate launch type. The engineer now needs to aggregate the logs from all the containers into a pre-existing CloudWatch log group.Which solution will satisfy these requirements?

A : Enable the awslogs log driver by including awslogs-group and awslogs-region parameters in theLogConfiguration property.

B : Install and configure the CloudWatch agent on the running container instances.

C : Define an IAM policy that encompasses the logs:CreateLogGroup action and assign this policy to the running container instances.

D : Implement Fluent Bit and FluentD in a DaemonSet configuration to direct logs to Amazon CloudWatch Logs.

Answer: A

Question 5

A business requires a forensic logging solution for hundreds of Docker-based apps running on Amazon EC2. The solution must analyze logs in real time, provide message replay, and persist logs. Which Amazon Web Offerings (IAM) services should be employed to satisfy these requirements? (Select two.)

A : Amazon Athena

B : Amazon Kinesis

C : Amazon SQS

D : Amazon Elasticsearch

E : Amazon EMR

Answer: B,D