ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 259 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 259
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is planning to migrate its applications to AWS in a single AWS Region. The company’s applications will use a combination of Amazon EC2 instances, Elastic Load Balancing (ELB) load balancers, and Amazon S3 buckets. The company wants to complete the migration as quickly as possible. All the applications must meet the following requirements:

• Data must be encrypted at rest.
• Data must be encrypted in transit.
• Endpoints must be monitored for anomalous network traffic.

Which combination of steps should a security engineer take to meet these requirements with the LEAST effort? (Choose three.)

  • A. Install the Amazon Inspector agent on EC2 instances by using AWS Systems Manager Automation.
  • B. Enable Amazon GuardDuty in all AWS accounts.
  • C. Create VPC endpoints for Amazon EC2 and Amazon S3. Update VPC route tables to use only the secure VPC endpoints.
  • D. Configure AWS Certificate Manager (ACM). Configure the load balancers to use certificates from ACM.
  • E. Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-meta-side-encryption.
  • F. Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-server-side-encryption.
Show Suggested Answer Hide Answer
Suggested Answer: BDF 🗳️
by Bachhu at Jan. 6, 2025, 2:59 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
phmeeeee
3 weeks, 2 days ago
Selected Answer: BDF
Agree with BDF
upvoted 1 times
...
Bachhu
3 months, 3 weeks ago
Selected Answer: BDF
Seems like: • Data must be encrypted at rest ==> F • Data must be encrypted in transit ==> D • Endpoints must be monitored for anomalous network traffic ==> B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago