AWS Certified Security Specialty SCS-C03 Questions And Answers.
A managed service that makes it easy for you to create and control the encryption keys
used to encrypt your data. - Answer -AWS KMS
A paid service that provides detailed attack diagnostics and the ability to detect and
mitigate sophisticated DDoS attacks. - Answer -AWS Shield Advanced
A service that provides intelligent threat detection for your AWS infrastructure and
resources. It identifies threats by continuously monitoring the network activity and
account behavior within your AWS environment. - Answer -Amazon GuardDuty
A service that collects log data from your AWS resources and uses machine learning,
statistical analysis, and graph theory to build a linked set of data that enables you to
easily conduct faster and more efficient security investigations. - Answer -Amazon
Detective
A CMK that is created and managed by AWS services integrated with KMS. - Answer -
AWS Managed CMK
A service that provides a comprehensive view of your security posture within AWS as
well as your compliance with security industry standards and best practices. - Answer -
AWS Security Hub
A process that converts highly sensitive data such as credit card numbers or health care
data into a token - Answer -Tokenization
Which Amazon EC2 feature allows customers to run a tokenization process that
securely converts highly sensitive data such as credit card numbers or health care
data? - Answer -Nitro Enclaves
Which CloudTrail feature can you enable to protect your CloudTrail Logs from being
tampered and from unauthorized access? - Answer -CloudTrail log file validation
A feature that identifies unintended network access to your resources on AWS - Answer
-Network Access Analyzer
A service that helps you to continuously audit your AWS usage to simplify how you
assess risk and compliance with regulations and industry standards. - Answer -AWS
Audit Manager
Which service can you use to automate the detection of common vulnerabilities and
exposures (CVE), software vulnerabilities and unintended network exposure by
continually scanning your Amazon EC2 instances, AWS Lambda functions, and
container workloads? - Answer -Amazon Inspector
Generates IAM policies based on access activity in your AWS CloudTrail logs.
Identifying resources shared with an external entity. - Answer -IAM Access Analyzer
, AWS Certified Security Specialty SCS-C03 Questions And Answers.
Helps you detect and receive alerts on abnormal or sudden spending increases in your
AWS account. - Answer -AWS Cost Anomaly Detection
An SCP named ________ is attached by default to every organization root, OU, and
account in AWS Organizations which allows all actions and all services. - Answer -
FullAWSAccess
A service that allows you to securely create or connect your workforce identities and
manage their access centrally across AWS accounts and application - Answer -AWS
IAM Identity Center
A feature in Amazon S3 that allows you to store objects using a write-once-read-many
(WORM) model. - Answer -S3 Object Lock
A type of S3 Object Lock where the lock has a fixed period of time. - Answer -Retention
Period
A type of S3 Object Lock where the lock remains in place until you explicitly remove it. -
Answer -Legal Hold
A CloudFront feature that allows customers to easily secure their S3 origins by
permitting only designated CloudFront distributions to access their S3 buckets using
short-term credentials. - Answer -Origin Access Control
It is a unified tool to manage your AWS services. With just one tool to download and
configure, you can control multiple AWS services from the command line and automate
them through scripts. - Answer -AWS Command Line Interface
It is a set of platform-specific building tools for developers. You require components like
debuggers, compilers, and libraries to create code that runs on a specific platform,
operating system, or programming language. - Answer -AWS Software Development
Kits (SDKs)
It is a web application that comprises and refers to a broad collection of service
consoles for managing AWS resources. - Answer -AWS Management Console
An AWS service that helps you enable operational and risk auditing, governance, and
compliance of your AWS account. - Answer -AWS CloudTrail
A service that monitors applications, responds to performance changes, optimizes
resource use, and provides insights into operational health. - Answer -Amazon
CloudWatch
Provides a detailed view of the configuration of AWS resources in your AWS account. -
Answer -AWS Config
A managed service that makes it easy for you to create and control the encryption keys
used to encrypt your data. - Answer -AWS KMS
A paid service that provides detailed attack diagnostics and the ability to detect and
mitigate sophisticated DDoS attacks. - Answer -AWS Shield Advanced
A service that provides intelligent threat detection for your AWS infrastructure and
resources. It identifies threats by continuously monitoring the network activity and
account behavior within your AWS environment. - Answer -Amazon GuardDuty
A service that collects log data from your AWS resources and uses machine learning,
statistical analysis, and graph theory to build a linked set of data that enables you to
easily conduct faster and more efficient security investigations. - Answer -Amazon
Detective
A CMK that is created and managed by AWS services integrated with KMS. - Answer -
AWS Managed CMK
A service that provides a comprehensive view of your security posture within AWS as
well as your compliance with security industry standards and best practices. - Answer -
AWS Security Hub
A process that converts highly sensitive data such as credit card numbers or health care
data into a token - Answer -Tokenization
Which Amazon EC2 feature allows customers to run a tokenization process that
securely converts highly sensitive data such as credit card numbers or health care
data? - Answer -Nitro Enclaves
Which CloudTrail feature can you enable to protect your CloudTrail Logs from being
tampered and from unauthorized access? - Answer -CloudTrail log file validation
A feature that identifies unintended network access to your resources on AWS - Answer
-Network Access Analyzer
A service that helps you to continuously audit your AWS usage to simplify how you
assess risk and compliance with regulations and industry standards. - Answer -AWS
Audit Manager
Which service can you use to automate the detection of common vulnerabilities and
exposures (CVE), software vulnerabilities and unintended network exposure by
continually scanning your Amazon EC2 instances, AWS Lambda functions, and
container workloads? - Answer -Amazon Inspector
Generates IAM policies based on access activity in your AWS CloudTrail logs.
Identifying resources shared with an external entity. - Answer -IAM Access Analyzer
, AWS Certified Security Specialty SCS-C03 Questions And Answers.
Helps you detect and receive alerts on abnormal or sudden spending increases in your
AWS account. - Answer -AWS Cost Anomaly Detection
An SCP named ________ is attached by default to every organization root, OU, and
account in AWS Organizations which allows all actions and all services. - Answer -
FullAWSAccess
A service that allows you to securely create or connect your workforce identities and
manage their access centrally across AWS accounts and application - Answer -AWS
IAM Identity Center
A feature in Amazon S3 that allows you to store objects using a write-once-read-many
(WORM) model. - Answer -S3 Object Lock
A type of S3 Object Lock where the lock has a fixed period of time. - Answer -Retention
Period
A type of S3 Object Lock where the lock remains in place until you explicitly remove it. -
Answer -Legal Hold
A CloudFront feature that allows customers to easily secure their S3 origins by
permitting only designated CloudFront distributions to access their S3 buckets using
short-term credentials. - Answer -Origin Access Control
It is a unified tool to manage your AWS services. With just one tool to download and
configure, you can control multiple AWS services from the command line and automate
them through scripts. - Answer -AWS Command Line Interface
It is a set of platform-specific building tools for developers. You require components like
debuggers, compilers, and libraries to create code that runs on a specific platform,
operating system, or programming language. - Answer -AWS Software Development
Kits (SDKs)
It is a web application that comprises and refers to a broad collection of service
consoles for managing AWS resources. - Answer -AWS Management Console
An AWS service that helps you enable operational and risk auditing, governance, and
compliance of your AWS account. - Answer -AWS CloudTrail
A service that monitors applications, responds to performance changes, optimizes
resource use, and provides insights into operational health. - Answer -Amazon
CloudWatch
Provides a detailed view of the configuration of AWS resources in your AWS account. -
Answer -AWS Config
