Free Amazon SCS-C03 Exam Questions

Question 1

A company has several Amazon S3 buckets that do not enforce encryption in transit. A security engineer must implement a solution that enforces encryption in transit for all the company's existing and future S3 buckets. Which solution will meet these requirements?

A : Enable AWS Config. Create a proactive AWS Config Custom Policy rule. Create a Guard clause to evaluate the S3 bucket policies to check for a value of True for the aws:SecureTransport condition key. If the AWS Config rule evaluates to NON_COMPLIANT, block resource creation.

B : Enable AWS Config. Configure the s3-bucket-ssl-requests-only AWS Config managed rule and set the rule trigger type to Hybrid. Create an AWS Systems Manager Automation runbook that applies a bucket policy to deny requests when the value of the aws:SecureTransport condition key is False. Configure automatic remediation. Set the runbook as the target of the rule.

C : Enable Amazon Inspector. Create a custom AWS Lambda rule. Create a Lambda function that applies a bucket policy to deny requests when the value of the aws:SecureTransport condition key is False. Set the Lambda function as the target of the rule.

D : Create an AWS CloudTrail trail. Enable S3 data events on the trail. Create an AWS Lambda function that applies a bucket policy to deny requests when the value of the aws:SecureTransport condition key is False. Configure the CloudTrail trail to invoke the Lambda function.

Answer: B

Question 2

A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company wants to centrally give users the ability to access Amazon Q Developer. Which solution will meet this requirement?

A : Enable AWS IAM Identity Center and set up Amazon Q Developer as an AWS managed application.

B : Enable Amazon Cognito and create a new identity pool for Amazon Q Developer.

C : Enable Amazon Cognito and set up Amazon Q Developer as an AWS managed application.

D : Enable AWS IAM Identity Center and create a new identity pool for Amazon Q Developer.

Answer: A

Question 3

During the schematic design phase, a contingency line item in the estimate would be included to cover which of the following?

A : Allowances

B : Unit prices

C : Unknown factors

D : Alternates

Answer: C

Question 4

A company hosts its public website on Amazon EC2 instances behind an Application Load Balancer (ALB). The website is experiencing a global DDoS attack by a specific IoT device brand that has a unique user agent. A security engineer is creating an AWS WAF web ACL and will associate the web ACL with the ALB. The security engineer must implement a rule statement as part of the web ACL to block the requests. The rule statement must mitigate the current attack and future attacks from these IoT devices without blocking requests from customers. Which rule statement will meet these requirements?

A : Use an IP set match rule statement that includes the IP address for IoT devices from the user agent.

B : Use a geographic match rule statement. Configure the statement to block countries that the IoT devices are located in.

C : Use a rate-based rule statement. Set a rate limit that is equal to the number of requests that are coming from the IoT devices.

D : Use a string match rule statement that includes details of the IoT device brand from the user agent.

Answer: D

Question 5