Free Amazon SCS-C03 Exam Questions

Become Amazon Certified with updated SCS-C03 exam questions and correct answers

Page: 1 / 36

Total 178 Questions | Updated On: Apr 16, 2026

Add To Cart

Question 1

A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS) customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the company wants to prevent Amazon EC2 from using the key. Which solution will meet these requirements?

A : Use IAM explicit deny for EC2 instance profiles and allow for Lambda roles.

B : Use a KMS key policy with kms:ViaService conditions to allow Lambda usage and deny EC2 usage.

C : Use aws:SourceIp and aws:AuthorizedService condition keys in the KMS key policy.

D : Use an SCP to deny EC2 and allow Lambda.

Answer: B

Question 2

Who is responsible for job site security?

A : Owner

B : Architect/engineer

C : Contractor

D : Construction manager

Answer: D

Question 3

A development team is creating an open source toolset to manage a companys software as a service(SaaS) application. The company stores the code in a public repository so that anyone can view anddownload the toolsets code. The company discovers that the code contains an IAM access key andsecret key that provide access to internal resources in the company's AWS environment. A securityengineer must implement a solution to identify whether unauthorized usage of the exposedcredentials has occurred. The solution also must prevent any additional usage of the exposedcredentials.Which combination of steps will meet these requirements? (Select TWO.)

A : Use AWS Identity and Access Management Access Analyzer to determine which resources theexposed credentials accessed and who used them.

B : Deactivate the exposed IAM access key from the user's IAM account.

C : Create a rule in Amazon GuardDuty to block the access key in the source code from being used.

D : Create a new IAM access key and secret key for the user whose credentials were exposed.

E : Generate an IAM credential report. Check the report to determine when the user that owns theaccess key last logged in.

Answer: B,E

Question 4

An AWS Lambda function was misused to alter data, and a security engineer must identify who invoked the function and what output was produced. The engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs. Which of the following explains why the logs are not available?

A : The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.

B : The Lambda function was invoked by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.

C : The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.

D : The version of the Lambda function that was invoked was not current.

Answer: A

Question 5

A company is using AWS to run a long-running analysis process on data that is stored in Amazon S3 buckets. The process runs on a fleet of Amazon EC2 instances in an Auto Scaling group. The EC2 instances are deployed in a private subnet that does not have internet access. The EC2 instances access Amazon S3 through an S3 gateway endpoint that has the default access policy. Each EC2 instance uses an instance profile role that allows s3:GetObject and s3:PutObject only for required S3 buckets. The company learns that one or more EC2 instances are compromised and are exfiltrating data to an S3 bucket that isoutside the company’s AWS Organization. The processing job must continue to function. Which solution will meet these requirements?

A : Update the policy on the S3 gateway endpoint to allow S3 actions only if aws:ResourceOrgId and aws: PrincipalOrgId match the company’s organization.

B : Update the instance profile role policy to require aws:ResourceOrgId.

C : Add a network ACL rule to block outbound traffic on port 443.

D : Apply an SCP that restricts S3 actions using organization condition keys.

Answer: A

Page: 1 / 36

Total 178 Questions | Updated On: Apr 16, 2026

Add To Cart