Free Amazon SCS-C02 Exam Questions

A new application requires an AWS KMS key for encrypting sensitive data. The security policy requires that separate keys are used for different AWS services.How can the AWS KMS key be constrained to work with only Amazon S3?

An administrative user accidentally exposed an access key ID and secret access key to a public support forum. The user notified the security team about the incident after removing the exposed credentials from the forum.Which initial steps should a security engineer take to mitigate the exposure without interrupting operations? (Select TWO.) 

A security engineer is attempting to setup automatic notifications that alert administrators about any changes that are made to an Amazon S3 bucket. The engineer has configured AWS Config and created an SNS topic. Changes have been made to the S3 bucket, but the SNS notifications have not been sent.Which combination of steps should the security engineer take to resolve the issue? (Select THREE.) 

A company has a critical web application running on a fleet of auto scaling Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is associated with an AWS WAF web ACL. The security team has identified suspicious port scans coming from a specific range of internet IP addresses. A security engineer needs to block access from the identified addresses.Which solution meets these requirements?

A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). A security engineer must prevent any modifications to the data in the S3 bucket. Which solution will meet this requirement?