{"id":123070,"date":"2026-04-08T06:44:39","date_gmt":"2026-04-08T06:44:39","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=123070"},"modified":"2026-04-08T06:44:42","modified_gmt":"2026-04-08T06:44:42","slug":"aws-scs-c03-free-dumps-part-2-q41-q60-of-v11-02-are-online-today-read-and-verify-the-amazon-scs-c03-dumps","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/aws-scs-c03-free-dumps-part-2-q41-q60-of-v11-02-are-online-today-read-and-verify-the-amazon-scs-c03-dumps.html","title":{"rendered":"AWS SCS-C03 Free Dumps (Part 2, Q41-Q60) of V11.02 Are Online Today &#8211; Read and Verify the Amazon SCS-C03 Dumps"},"content":{"rendered":"\n<p>The Amazon SCS-C03 dumps (V11.02) from DumpsBase serve as a reliable study guide for the AWS Certified Security &#8211; Specialty exam, helping you succeed in 2026. Verify the quality by reading our <strong><em><a href=\"https:\/\/www.dumpsbase.com\/freedumps\/aws-scs-c03-dumps-v11-02-are-the-updated-materials-for-learning-check-aws-certified-security-specialty-scs-c03-free-dumps-part-1-q1-q40-today.html\">SCS-C03 free dumps (Part 1, Q1-Q40) of V11.02<\/a><\/em><\/strong>\u2014you&#8217;ll find real exam questions with verified answers and detailed explanations that ensure a thorough understanding of all key topics. The SCS-C03 exam dumps (V11.02) are regularly updated to reflect the latest syllabus changes and exam patterns, and include one year of free updates. Using these current materials will boost your confidence and provide a reliable pathway to passing the challenging AWS Certified Security &#8211; Specialty (SCS-C03) certification exam on your first attempt. Today, we will continue to share more AWS SCS-C03 free dumps to help you verify again.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">AWS SCS-C03 free dumps (Part 2, Q41-Q60) of V11.02 are below to help you verify again:<\/h2>\n\n\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam11861\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-11861\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-11861\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-464741'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>A company recently experienced a malicious attack on its cloud-based environment. The company successfully contained and eradicated the attack. A security engineer is performing incident response work. The security engineer needs to recover an Amazon RDS database cluster to the last known good version. The database cluster is configured to generate automated backups with a retention period of 14 days. The initial attack occurred 5 days ago at exactly 3:15 PM. <br \/>\r<br>Which solution will meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='464741' \/><input type='hidden' id='answerType464741' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464741[]' id='answer-id-1796201' class='answer   answerof-464741 ' value='1796201'   \/><label for='answer-id-1796201' id='answer-label-1796201' class=' answer'><span>Identify the Regional cluster ARN for the database. Use the ARN to restore the Regional cluster by using the restore to point in time feature. Set a target time 5 days ago at 3:14 P<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464741[]' id='answer-id-1796202' class='answer   answerof-464741 ' value='1796202'   \/><label for='answer-id-1796202' id='answer-label-1796202' class=' answer'><span>Identify the Regional cluster ARN for the database. List snapshots that have been taken of the cluster. Restore the database by using the snapshot that has a creation time that is closest to 5 days ago at 3:14 P<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464741[]' id='answer-id-1796203' class='answer   answerof-464741 ' value='1796203'   \/><label for='answer-id-1796203' id='answer-label-1796203' class=' answer'><span>List all snapshots that have been taken of all the company's RDS databases. Identify the snapshot that was taken closest to 5 days ago at 3:14 PM and restore it.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464741[]' id='answer-id-1796204' class='answer   answerof-464741 ' value='1796204'   \/><label for='answer-id-1796204' id='answer-label-1796204' class=' answer'><span>Identify the Regional cluster ARN for the database. Use the ARN to restore the Regional cluster by using the restore to point in time feature. Set a target time 14 days ago.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-464742'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>A company\u2019s developers are using AWS Lambda function URLs to invoke functions directly. Thecompany must ensure that developers cannot configure or deploy unauthenticated functions in production accounts. The company wants to meet this requirement by using AWS Organizations. The solution must not require additional work for the developers. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='464742' \/><input type='hidden' id='answerType464742' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464742[]' id='answer-id-1796205' class='answer   answerof-464742 ' value='1796205'   \/><label for='answer-id-1796205' id='answer-label-1796205' class=' answer'><span>Require the developers to configure all function URLs to support cross-origin resource sharing (CORS) when the functions are called from a different domain.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464742[]' id='answer-id-1796206' class='answer   answerof-464742 ' value='1796206'   \/><label for='answer-id-1796206' id='answer-label-1796206' class=' answer'><span>Use an AWS WAF delegated administrator account to view and block unauthenticated access to function URLs in production accounts, based on the OU of accounts that are using the functions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464742[]' id='answer-id-1796207' class='answer   answerof-464742 ' value='1796207'   \/><label for='answer-id-1796207' id='answer-label-1796207' class=' answer'><span>Use SCPs to allow all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of AWS_IA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464742[]' id='answer-id-1796208' class='answer   answerof-464742 ' value='1796208'   \/><label for='answer-id-1796208' id='answer-label-1796208' class=' answer'><span>Use SCPs to deny all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of NON<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-464743'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>A company needs centralized log monitoring with automatic detection across hundreds of AWS accounts. <br \/>\r<br>Which solution meets these requirements with the LEAST operational effort?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='464743' \/><input type='hidden' id='answerType464743' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464743[]' id='answer-id-1796209' class='answer   answerof-464743 ' value='1796209'   \/><label for='answer-id-1796209' id='answer-label-1796209' class=' answer'><span>Designate a GuardDuty administrator account and enable protections.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464743[]' id='answer-id-1796210' class='answer   answerof-464743 ' value='1796210'   \/><label for='answer-id-1796210' id='answer-label-1796210' class=' answer'><span>Centralize CloudWatch logs and use Inspector.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464743[]' id='answer-id-1796211' class='answer   answerof-464743 ' value='1796211'   \/><label for='answer-id-1796211' id='answer-label-1796211' class=' answer'><span>Centralize CloudTrail logs and query with Athena.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464743[]' id='answer-id-1796212' class='answer   answerof-464743 ' value='1796212'   \/><label for='answer-id-1796212' id='answer-label-1796212' class=' answer'><span>Stream logs to Kinesis and process with Lambda.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-464744'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>A company has a single AWS account and uses an Amazon EC2 instance to test application code. The company recently discovered that the instance was compromised and was serving malware. Analysis showed that the instance was compromised 35 days ago. A security engineer must implement a continuous monitoring solution that automatically notifies the security team by email for high severity findings as soon as possible. <br \/>\r<br>Which combination of steps should the security engineer take to meet these requirements? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_4' value='464744' \/><input type='hidden' id='answerType464744' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796213' class='answer   answerof-464744 ' value='1796213'   \/><label for='answer-id-1796213' id='answer-label-1796213' class=' answer'><span>Enable AWS Security Hub in the AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796214' class='answer   answerof-464744 ' value='1796214'   \/><label for='answer-id-1796214' id='answer-label-1796214' class=' answer'><span>Enable Amazon GuardDuty in the AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796215' class='answer   answerof-464744 ' value='1796215'   \/><label for='answer-id-1796215' id='answer-label-1796215' class=' answer'><span>Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team's email distribution list to the topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796216' class='answer   answerof-464744 ' value='1796216'   \/><label for='answer-id-1796216' id='answer-label-1796216' class=' answer'><span>Create an Amazon Simple Queue Service (Amazon SQS) queue. Subscribe the security team's email distribution list to the queue.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796217' class='answer   answerof-464744 ' value='1796217'   \/><label for='answer-id-1796217' id='answer-label-1796217' class=' answer'><span>Create an Amazon EventBridge rule for GuardDuty findings of high severity. Configure the rule to publish a message to the topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464744[]' id='answer-id-1796218' class='answer   answerof-464744 ' value='1796218'   \/><label for='answer-id-1796218' id='answer-label-1796218' class=' answer'><span>Create an Amazon EventBridge rule for Security Hub findings of high severity. Configure the rule to publish a message to the queue.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-464745'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>A company hosts its public website on Amazon EC2 instances behind an Application Load Balancer (ALB). The website is experiencing a global DDoS attack from a specific IoT device brand that uses a unique user agent. A security engineer is creating an AWS WAF web ACL and will associate it with the ALB. <br \/>\r<br>Which rule statement will mitigate the current attack and future attacks from these IoT devices without blocking legitimate customers?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='464745' \/><input type='hidden' id='answerType464745' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464745[]' id='answer-id-1796219' class='answer   answerof-464745 ' value='1796219'   \/><label for='answer-id-1796219' id='answer-label-1796219' class=' answer'><span>Use an IP set match rule statement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464745[]' id='answer-id-1796220' class='answer   answerof-464745 ' value='1796220'   \/><label for='answer-id-1796220' id='answer-label-1796220' class=' answer'><span>Use a geographic match rule statement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464745[]' id='answer-id-1796221' class='answer   answerof-464745 ' value='1796221'   \/><label for='answer-id-1796221' id='answer-label-1796221' class=' answer'><span>Use a rate-based rule statement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464745[]' id='answer-id-1796222' class='answer   answerof-464745 ' value='1796222'   \/><label for='answer-id-1796222' id='answer-label-1796222' class=' answer'><span>Use a string match rule statement on the user agent.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-464746'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>A company has security requirements for Amazon Aurora MySQL databases regarding encryption, deletion protection, public access, and audit logging. The company needs continuous monitoring and real-time visibility into compliance status. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='464746' \/><input type='hidden' id='answerType464746' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464746[]' id='answer-id-1796223' class='answer   answerof-464746 ' value='1796223'   \/><label for='answer-id-1796223' id='answer-label-1796223' class=' answer'><span>Use AWS Audit Manager with a custom framework.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464746[]' id='answer-id-1796224' class='answer   answerof-464746 ' value='1796224'   \/><label for='answer-id-1796224' id='answer-label-1796224' class=' answer'><span>Enable AWS Config and use managed rules to monitor Aurora MySQL compliance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464746[]' id='answer-id-1796225' class='answer   answerof-464746 ' value='1796225'   \/><label for='answer-id-1796225' id='answer-label-1796225' class=' answer'><span>Use AWS Security Hub configuration policies.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464746[]' id='answer-id-1796226' class='answer   answerof-464746 ' value='1796226'   \/><label for='answer-id-1796226' id='answer-label-1796226' class=' answer'><span>Use EventBridge and Lambda with custom metrics.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-464747'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>A company uses AWS IAM Identity Center with SAML 2.0 federation. The company decides to change its federation source from one identity provider (IdP) to another. The underlying directory for both IdPs is Active Directory. <br \/>\r<br>Which solution will meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='464747' \/><input type='hidden' id='answerType464747' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464747[]' id='answer-id-1796227' class='answer   answerof-464747 ' value='1796227'   \/><label for='answer-id-1796227' id='answer-label-1796227' class=' answer'><span>Disable all existing users and groups within IAM Identity Center that were part of the federation with the original Id<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464747[]' id='answer-id-1796228' class='answer   answerof-464747 ' value='1796228'   \/><label for='answer-id-1796228' id='answer-label-1796228' class=' answer'><span>Modify the attribute mappings within the IAM Identity Center trust relationship to match information that the new IdP sends.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464747[]' id='answer-id-1796229' class='answer   answerof-464747 ' value='1796229'   \/><label for='answer-id-1796229' id='answer-label-1796229' class=' answer'><span>Reconfigure all existing IAM roles in the company's AWS accounts to explicitly trust the new IdP as the principal.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464747[]' id='answer-id-1796230' class='answer   answerof-464747 ' value='1796230'   \/><label for='answer-id-1796230' id='answer-label-1796230' class=' answer'><span>Confirm that the Network Time Protocol (NTP) clock skew is correctly set between IAM Identity Center and the new IdP endpoints.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-464748'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>A company uses AWS IAM Identity Center to manage access to its AWS accounts. The accounts are in an organization in AWS Organizations. A security engineer needs to set up delegated administration of IAM Identity Center in the organization\u2019s management account. <br \/>\r<br>Which combination of steps should the security engineer perform in IAM Identity Center before configuring delegated administration? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_8' value='464748' \/><input type='hidden' id='answerType464748' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796231' class='answer   answerof-464748 ' value='1796231'   \/><label for='answer-id-1796231' id='answer-label-1796231' class=' answer'><span>Grant least privilege access to the organization's management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796232' class='answer   answerof-464748 ' value='1796232'   \/><label for='answer-id-1796232' id='answer-label-1796232' class=' answer'><span>Create a new IAM Identity Center directory in the organization's management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796233' class='answer   answerof-464748 ' value='1796233'   \/><label for='answer-id-1796233' id='answer-label-1796233' class=' answer'><span>Set up a second AWS Region in the organization\u2019s management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796234' class='answer   answerof-464748 ' value='1796234'   \/><label for='answer-id-1796234' id='answer-label-1796234' class=' answer'><span>Create permission sets for use only in the organization's management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796235' class='answer   answerof-464748 ' value='1796235'   \/><label for='answer-id-1796235' id='answer-label-1796235' class=' answer'><span>Create IAM users for use only in the organization's management account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464748[]' id='answer-id-1796236' class='answer   answerof-464748 ' value='1796236'   \/><label for='answer-id-1796236' id='answer-label-1796236' class=' answer'><span>Create user assignments only in the organization's management account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-464749'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>A company uses AWS Organizations to manage an organization that consists of three workload OUs: Production, Development, and Testing. The company uses AWS CloudFormation templates to define and deploy workload infrastructure in AWS accounts that are associated with the OUs. Different SCPs are attached to each workload OU. <br \/>\r<br>The company successfully deployed a CloudFormation stack update to workloads in the Development OU and the Testing OU. When the company uses the same CloudFormation template to deploy the stack update in an account in the Production OU, the update fails. The error message reports insufficient IAM permissions. <br \/>\r<br>What is the FIRST step that a security engineer should take to troubleshoot this issue?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='464749' \/><input type='hidden' id='answerType464749' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796237' class='answer   answerof-464749 ' value='1796237'   \/><label for='answer-id-1796237' id='answer-label-1796237' class=' answer'><span>Review the AWS CloudTrail logs in the account in the Production O<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796238' class='answer   answerof-464749 ' value='1796238'   \/><label for='answer-id-1796238' id='answer-label-1796238' class=' answer'><span>Search for any failed API calls from CloudFormation during the deployment attempt.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796239' class='answer   answerof-464749 ' value='1796239'   \/><label for='answer-id-1796239' id='answer-label-1796239' class=' answer'><span>Remove all the SCPs that are attached to the Production O<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796240' class='answer   answerof-464749 ' value='1796240'   \/><label for='answer-id-1796240' id='answer-label-1796240' class=' answer'><span>Rerun the CloudFormation stack update to determine if the SCPs were preventing the CloudFormation API calls.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796241' class='answer   answerof-464749 ' value='1796241'   \/><label for='answer-id-1796241' id='answer-label-1796241' class=' answer'><span>Confirm that the role used by CloudFormation has sufficient permissions to create, update, and delete the resources that are referenced in the CloudFormation template.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464749[]' id='answer-id-1796242' class='answer   answerof-464749 ' value='1796242'   \/><label for='answer-id-1796242' id='answer-label-1796242' class=' answer'><span>Make all the SCPs that are attached to the Production OU the same as the SCPs that are attached to the Testing O<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-464750'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>A company has a web application that reads from and writes to an Amazon S3 bucket. The company needs to authenticate all S3 API calls with AWS credentials. <br \/>\r<br>Which solution will provide the application with AWS credentials?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='464750' \/><input type='hidden' id='answerType464750' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464750[]' id='answer-id-1796243' class='answer   answerof-464750 ' value='1796243'   \/><label for='answer-id-1796243' id='answer-label-1796243' class=' answer'><span>Use Amazon Cognito identity pools and the GetId AP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464750[]' id='answer-id-1796244' class='answer   answerof-464750 ' value='1796244'   \/><label for='answer-id-1796244' id='answer-label-1796244' class=' answer'><span>Use Amazon Cognito identity pools and AssumeRoleWithWebIdentity.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464750[]' id='answer-id-1796245' class='answer   answerof-464750 ' value='1796245'   \/><label for='answer-id-1796245' id='answer-label-1796245' class=' answer'><span>Use Amazon Cognito user pools with ID tokens.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464750[]' id='answer-id-1796246' class='answer   answerof-464750 ' value='1796246'   \/><label for='answer-id-1796246' id='answer-label-1796246' class=' answer'><span>Use Amazon Cognito user pools with access tokens.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-464751'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>An application is running on an Amazon EC2 instance that has an IAM role attached. The IAM role provides access to an AWS Key Management Service (AWS KMS) customer managed key and an Amazon S3 bucket. The key is used to access 2 TB of sensitive data that is stored in the S3 bucket. A security engineer discovers a potential vulnerability on the EC2 instance that could result in the compromise of the sensitive data. Due to other critical operations, the security engineer cannot immediately shut down the EC2 instance for vulnerability patching. <br \/>\r<br>What is the FASTEST way to prevent the sensitive data from being exposed?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='464751' \/><input type='hidden' id='answerType464751' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464751[]' id='answer-id-1796247' class='answer   answerof-464751 ' value='1796247'   \/><label for='answer-id-1796247' id='answer-label-1796247' class=' answer'><span>Download the data from the existing S3 bucket to a new EC2 instance. Then delete the data from the S3 bucket. Re-encrypt the data with a client-based key. Upload the data to a new S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464751[]' id='answer-id-1796248' class='answer   answerof-464751 ' value='1796248'   \/><label for='answer-id-1796248' id='answer-label-1796248' class=' answer'><span>Block access to the public range of S3 endpoint IP addresses by using a host-based firewall. Ensure that internet-bound traffic from the affected EC2 instance is routed through the host-based firewall.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464751[]' id='answer-id-1796249' class='answer   answerof-464751 ' value='1796249'   \/><label for='answer-id-1796249' id='answer-label-1796249' class=' answer'><span>Revoke the IAM role\u2019s active session permissions. Update the S3 bucket policy to deny access to the IAM role. Remove the IAM role from the EC2 instance profile.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464751[]' id='answer-id-1796250' class='answer   answerof-464751 ' value='1796250'   \/><label for='answer-id-1796250' id='answer-label-1796250' class=' answer'><span>Disable the current key. Create a new KMS key that the IAM role does not have access to, and re-encrypt all the data with the new key. Schedule the compromised key for deletion.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-464752'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>A company is using AWS CloudTrail and Amazon CloudWatch to monitor resources in an AWS account. The company\u2019s developers have been using an IAM role in the account for the last 3 months. <br \/>\r<br>A security engineer needs to refine the customer managed IAM policy attached to the role to ensure that the role provides least privilege access. <br \/>\r<br>Which solution will meet this requirement with the LEAST effort?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='464752' \/><input type='hidden' id='answerType464752' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464752[]' id='answer-id-1796251' class='answer   answerof-464752 ' value='1796251'   \/><label for='answer-id-1796251' id='answer-label-1796251' class=' answer'><span>Implement AWS IAM Access Analyzer policy generation on the role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464752[]' id='answer-id-1796252' class='answer   answerof-464752 ' value='1796252'   \/><label for='answer-id-1796252' id='answer-label-1796252' class=' answer'><span>Implement AWS IAM Access Analyzer policy validation on the role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464752[]' id='answer-id-1796253' class='answer   answerof-464752 ' value='1796253'   \/><label for='answer-id-1796253' id='answer-label-1796253' class=' answer'><span>Search CloudWatch logs to determine the actions the role invoked and to evaluate the permissions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464752[]' id='answer-id-1796254' class='answer   answerof-464752 ' value='1796254'   \/><label for='answer-id-1796254' id='answer-label-1796254' class=' answer'><span>Use AWS Trusted Advisor to compare the policies assigned to the role against AWS best practices.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-464753'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>A company runs a public web application on Amazon EKS behind Amazon CloudFront and an Application Load Balancer (ALB). A security engineer must send a notification to an existing Amazon SNS topic when the application receives 10,000 requests from the same end-user IP address within any 5-minute period. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='464753' \/><input type='hidden' id='answerType464753' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464753[]' id='answer-id-1796255' class='answer   answerof-464753 ' value='1796255'   \/><label for='answer-id-1796255' id='answer-label-1796255' class=' answer'><span>Configure CloudFront standard logging and CloudWatch Logs metric filters.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464753[]' id='answer-id-1796256' class='answer   answerof-464753 ' value='1796256'   \/><label for='answer-id-1796256' id='answer-label-1796256' class=' answer'><span>Configure VPC Flow Logs and CloudWatch Logs metric filters.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464753[]' id='answer-id-1796257' class='answer   answerof-464753 ' value='1796257'   \/><label for='answer-id-1796257' id='answer-label-1796257' class=' answer'><span>Configure an AWS WAF web ACL with an ASN match rule and CloudWatch alarms.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464753[]' id='answer-id-1796258' class='answer   answerof-464753 ' value='1796258'   \/><label for='answer-id-1796258' id='answer-label-1796258' class=' answer'><span>Configure an AWS WAF web ACL with a rate-based rule. Associate it with CloudFront. Create a CloudWatch alarm to notify SN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-464754'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>A security engineer needs to prepare Amazon EC2 instances for quarantine during a security incident. AWS Systems Manager Agent (SSM Agent) is installed, and a script exists to install and update forensic tools. <br \/>\r<br>Which solution will quarantine EC2 instances during a security incident?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='464754' \/><input type='hidden' id='answerType464754' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464754[]' id='answer-id-1796259' class='answer   answerof-464754 ' value='1796259'   \/><label for='answer-id-1796259' id='answer-label-1796259' class=' answer'><span>Track SSM Agent versions with AWS Config.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464754[]' id='answer-id-1796260' class='answer   answerof-464754 ' value='1796260'   \/><label for='answer-id-1796260' id='answer-label-1796260' class=' answer'><span>Configure Session Manager to deny external connections.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464754[]' id='answer-id-1796261' class='answer   answerof-464754 ' value='1796261'   \/><label for='answer-id-1796261' id='answer-label-1796261' class=' answer'><span>Store the script in Amazon S3 and grant read access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464754[]' id='answer-id-1796262' class='answer   answerof-464754 ' value='1796262'   \/><label for='answer-id-1796262' id='answer-label-1796262' class=' answer'><span>Configure IAM permissions for the SSM Agent to run the script as a Systems Manager Run Command document.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-464755'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>A consultant agency needs to perform a security audit for a company's production AWS account. Several consultants need access to the account. The consultant agency already has its own AWS account. The company requires multi-factor authentication (MFA) for all access to its production account. The company also forbids the use of long-term credentials. <br \/>\r<br>Which solution will provide the consultant agency with access that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='464755' \/><input type='hidden' id='answerType464755' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796263' class='answer   answerof-464755 ' value='1796263'   \/><label for='answer-id-1796263' id='answer-label-1796263' class=' answer'><span>Create an IAM group. Create an IAM user for each consultant. Add each user to the group. Turn on MFA for each consultant.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796264' class='answer   answerof-464755 ' value='1796264'   \/><label for='answer-id-1796264' id='answer-label-1796264' class=' answer'><span>Configure Amazon Cognito on the company\u2019s production account to authenticate against the consultant agency's identity provider (IdP). Add MFA to a Cognito user pool.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796265' class='answer   answerof-464755 ' value='1796265'   \/><label for='answer-id-1796265' id='answer-label-1796265' class=' answer'><span>Create an IAM role in the consultant agency's AWS account. Define a trust policy that requires MF<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796266' class='answer   answerof-464755 ' value='1796266'   \/><label for='answer-id-1796266' id='answer-label-1796266' class=' answer'><span>In the trust policy, specify the company's production account as the principal. Attach the trust policy to the role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796267' class='answer   answerof-464755 ' value='1796267'   \/><label for='answer-id-1796267' id='answer-label-1796267' class=' answer'><span>Create an IAM role in the company\u2019s production account. Define a trust policy that requires MF<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464755[]' id='answer-id-1796268' class='answer   answerof-464755 ' value='1796268'   \/><label for='answer-id-1796268' id='answer-label-1796268' class=' answer'><span>In the trust policy, specify the consultant agency's AWS account as the principal. Attach the trust policy to the role.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-464756'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>A company is implementing new compliance requirements to meet customer needs. According to the new requirements, the company must not use any Amazon RDS DB instances or DB clusters that lack encryption of the underlying storage. The company needs a solution that will generate an email alert when an unencrypted DB instance or DB cluster is created. The solution also must terminate the unencrypted DB instance or DB cluster. <br \/>\r<br>Which solution will meet these requirements in the MOST operationally efficient manner?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='464756' \/><input type='hidden' id='answerType464756' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464756[]' id='answer-id-1796269' class='answer   answerof-464756 ' value='1796269'   \/><label for='answer-id-1796269' id='answer-label-1796269' class=' answer'><span>Create an AWS Config managed rule to detect unencrypted RDS storage. Configure an automatic remediation action to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464756[]' id='answer-id-1796270' class='answer   answerof-464756 ' value='1796270'   \/><label for='answer-id-1796270' id='answer-label-1796270' class=' answer'><span>Create an AWS Config managed rule to detect unencrypted RDS storage. Configure a manual remediation action to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464756[]' id='answer-id-1796271' class='answer   answerof-464756 ' value='1796271'   \/><label for='answer-id-1796271' id='answer-label-1796271' class=' answer'><span>Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters. Configure the rule to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464756[]' id='answer-id-1796272' class='answer   answerof-464756 ' value='1796272'   \/><label for='answer-id-1796272' id='answer-label-1796272' class=' answer'><span>Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-464757'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>A company is planning to migrate its applications to AWS in a single AWS Region. The company\u2019s applications will use a combination of Amazon EC2 instances, Elastic Load Balancing (ELB) load balancers, and Amazon S3 buckets. The company wants to complete the migration as quickly as possible. All the applications must meet the following requirements: <br \/>\r<br>&#8226; Data must be encrypted at rest. <br \/>\r<br>&#8226; Data must be encrypted in transit. <br \/>\r<br>&#8226; Endpoints must be monitored for anomalous network traffic. <br \/>\r<br>Which combination of steps should a security engineer take to meet these requirements with the LEAST effort? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_17' value='464757' \/><input type='hidden' id='answerType464757' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796273' class='answer   answerof-464757 ' value='1796273'   \/><label for='answer-id-1796273' id='answer-label-1796273' class=' answer'><span>Install the Amazon Inspector agent on EC2 instances by using AWS Systems Manager Automation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796274' class='answer   answerof-464757 ' value='1796274'   \/><label for='answer-id-1796274' id='answer-label-1796274' class=' answer'><span>Enable Amazon GuardDuty in all AWS accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796275' class='answer   answerof-464757 ' value='1796275'   \/><label for='answer-id-1796275' id='answer-label-1796275' class=' answer'><span>Create VPC endpoints for Amazon EC2 and Amazon S3. Update VPC route tables to use only the secure VPC endpoints.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796276' class='answer   answerof-464757 ' value='1796276'   \/><label for='answer-id-1796276' id='answer-label-1796276' class=' answer'><span>Configure AWS Certificate Manager (ACM). Configure the load balancers to use certificates from AC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796277' class='answer   answerof-464757 ' value='1796277'   \/><label for='answer-id-1796277' id='answer-label-1796277' class=' answer'><span>Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-meta-side-encryption.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464757[]' id='answer-id-1796278' class='answer   answerof-464757 ' value='1796278'   \/><label for='answer-id-1796278' id='answer-label-1796278' class=' answer'><span>Use AWS Key Management Service (AWS KMS) for key management. Create an S3 bucket policy to deny any PutObject command with a condition for x-amz-server-side-encryption.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-464758'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). A security engineer must prevent any modifications to the data in the S3 bucket. <br \/>\r<br>Which solution will meet this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='464758' \/><input type='hidden' id='answerType464758' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464758[]' id='answer-id-1796279' class='answer   answerof-464758 ' value='1796279'   \/><label for='answer-id-1796279' id='answer-label-1796279' class=' answer'><span>Configure S3 bucket policies to deny DELETE and PUT object permissions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464758[]' id='answer-id-1796280' class='answer   answerof-464758 ' value='1796280'   \/><label for='answer-id-1796280' id='answer-label-1796280' class=' answer'><span>Configure S3 Object Lock in compliance mode with S3 bucket versioning enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464758[]' id='answer-id-1796281' class='answer   answerof-464758 ' value='1796281'   \/><label for='answer-id-1796281' id='answer-label-1796281' class=' answer'><span>Change the encryption on the S3 bucket to use AWS Key Management Service (AWS KMS) customer managed keys.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464758[]' id='answer-id-1796282' class='answer   answerof-464758 ' value='1796282'   \/><label for='answer-id-1796282' id='answer-label-1796282' class=' answer'><span>Configure the S3 bucket with multi-factor authentication (MFA) delete protection.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-464759'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>A security engineer discovers that a company's user passwords have no required minimum length. <br \/>\r<br>The company uses the following identity providers (IdPs): <br \/>\r<br>&#8226; AWS Identity and Access Management (IAM) federated with on-premises Active Directory <br \/>\r<br>&#8226; Amazon Cognito user pools that contain the user database for an AWS Cloud application <br \/>\r<br>Which combination of actions should the security engineer take to implement a required minimum password length? (Select TWO.)<\/div><input type='hidden' name='question_id[]' id='qID_19' value='464759' \/><input type='hidden' id='answerType464759' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464759[]' id='answer-id-1796283' class='answer   answerof-464759 ' value='1796283'   \/><label for='answer-id-1796283' id='answer-label-1796283' class=' answer'><span>Update the password length policy in the IAM configuration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464759[]' id='answer-id-1796284' class='answer   answerof-464759 ' value='1796284'   \/><label for='answer-id-1796284' id='answer-label-1796284' class=' answer'><span>Update the password length policy in the Amazon Cognito configuration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464759[]' id='answer-id-1796285' class='answer   answerof-464759 ' value='1796285'   \/><label for='answer-id-1796285' id='answer-label-1796285' class=' answer'><span>Update the password length policy in the on-premises Active Directory configuration.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464759[]' id='answer-id-1796286' class='answer   answerof-464759 ' value='1796286'   \/><label for='answer-id-1796286' id='answer-label-1796286' class=' answer'><span>Create an SCP in AWS Organizations to enforce minimum password length.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-464759[]' id='answer-id-1796287' class='answer   answerof-464759 ' value='1796287'   \/><label for='answer-id-1796287' id='answer-label-1796287' class=' answer'><span>Create an IAM policy with a minimum password length condition.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-464760'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>A security engineer needs to implement a solution to identify any sensitive data that is stored in an Amazon S3 bucket. The solution must report on sensitive data in the S3 bucket by using an existing Amazon Simple Notification Service (Amazon SNS) topic. <br \/>\r<br>Which solution will meet these requirements with the LEAST implementation effort?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='464760' \/><input type='hidden' id='answerType464760' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464760[]' id='answer-id-1796288' class='answer   answerof-464760 ' value='1796288'   \/><label for='answer-id-1796288' id='answer-label-1796288' class=' answer'><span>Enable AWS Config. Configure AWS Config to monitor for sensitive data in the S3 bucket and to send notifications to the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464760[]' id='answer-id-1796289' class='answer   answerof-464760 ' value='1796289'   \/><label for='answer-id-1796289' id='answer-label-1796289' class=' answer'><span>Create an AWS Lambda function to scan the S3 bucket for sensitive data that matches a pattern. \r\nProgram the Lambda function to send notifications to the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464760[]' id='answer-id-1796290' class='answer   answerof-464760 ' value='1796290'   \/><label for='answer-id-1796290' id='answer-label-1796290' class=' answer'><span>Configure Amazon Macie to use managed data identifiers to identify and categorize sensitive data. \r\nCreate an Amazon EventBridge rule to send notifications to the SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-464760[]' id='answer-id-1796291' class='answer   answerof-464760 ' value='1796291'   \/><label for='answer-id-1796291' id='answer-label-1796291' class=' answer'><span>Enable Amazon GuardDuty. Configure AWS CloudTrail S3 data events. Create an Amazon \r\nCloudWatch alarm that reacts to GuardDuty findings and sends notifications to the SNS topic.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-21'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons11861\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"11861\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-25 04:15:41\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1779682541\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"464741:1796201,1796202,1796203,1796204 | 464742:1796205,1796206,1796207,1796208 | 464743:1796209,1796210,1796211,1796212 | 464744:1796213,1796214,1796215,1796216,1796217,1796218 | 464745:1796219,1796220,1796221,1796222 | 464746:1796223,1796224,1796225,1796226 | 464747:1796227,1796228,1796229,1796230 | 464748:1796231,1796232,1796233,1796234,1796235,1796236 | 464749:1796237,1796238,1796239,1796240,1796241,1796242 | 464750:1796243,1796244,1796245,1796246 | 464751:1796247,1796248,1796249,1796250 | 464752:1796251,1796252,1796253,1796254 | 464753:1796255,1796256,1796257,1796258 | 464754:1796259,1796260,1796261,1796262 | 464755:1796263,1796264,1796265,1796266,1796267,1796268 | 464756:1796269,1796270,1796271,1796272 | 464757:1796273,1796274,1796275,1796276,1796277,1796278 | 464758:1796279,1796280,1796281,1796282 | 464759:1796283,1796284,1796285,1796286,1796287 | 464760:1796288,1796289,1796290,1796291\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"464741,464742,464743,464744,464745,464746,464747,464748,464749,464750,464751,464752,464753,464754,464755,464756,464757,464758,464759,464760\";\nWatuPROSettings[11861] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 11861;\t    \nWatuPRO.post_id = 123070;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.82520500 1779682541\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(11861);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>The Amazon SCS-C03 dumps (V11.02) from DumpsBase serve as a reliable study guide for the AWS Certified Security &#8211; Specialty exam, helping you succeed in 2026. Verify the quality by reading our SCS-C03 free dumps (Part 1, Q1-Q40) of V11.02\u2014you&#8217;ll find real exam questions with verified answers and detailed explanations that ensure a thorough understanding [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[175,15758],"tags":[20735],"class_list":["post-123070","post","type-post","status-publish","format-standard","hentry","category-amazon","category-aws-certified-specialty","tag-scs-c03"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/123070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=123070"}],"version-history":[{"count":2,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/123070\/revisions"}],"predecessor-version":[{"id":123072,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/123070\/revisions\/123072"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=123070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=123070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=123070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}