Free SCS-C01 Exam Braindumps

Pass your AWS Certified Security - Specialty exam with these free Questions and Answers

QUESTION 11

- (Exam Topic 3)
You are trying to use the AWS Systems Manager Run Command on a set of Instances. The Run Command is not working on a set of Instances. What can you do to diagnose the issue? Choose 2 answers from the options given.
Please select:

  1. A. Ensure that the SSM agent is running on the target machine
  2. B. Check the /var/log/amazon/ssm/errors.log file
  3. C. Ensure the right AMI is used for the Instance
  4. D. Ensure the security groups allow outbound communication for the instance

Correct Answer: AB
The AWS documentation mentions the following:
If you experience problems executing commands using Run Command, there might be a problem with the SSM Agent. Use the following information to help you troubleshoot the agent.
View Agent Logs
The SSM Agent logs information in the following files. The information in these files can help you troubleshoot problems.
On Windows
%PROGRAMDATA%\Amazon\SSM\Logs\amazon-ssm-agent.log
%PROGRAMDATA%\Amazon\SSM\Logs\error.log
The default filename of the seelog is seelog.xml.template. If you modify a seelog, you must rename the file to seelog.xml.
On Linux
/var/log/amazon/ssm/amazon-ssm-agent.log
/var/log/amazon/ssm/errors.log
Option C is invalid because the right AMI has nothing to do with the issue. The agent which is used to execute Run Command can run on a variety of AMIs.
Option D is invalid because security groups do not come into the picture with the communication between the agent and the SSM service.
For more information on troubleshooting AWS SSM, please visit the following URL: https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-remote-commands.html
The correct answers are: Ensure that the SSM agent is running on the target machine; Check the /var/log/amazon/ssm/errors.log file

QUESTION 12

- (Exam Topic 3)
Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that the containers are secure. Which strategies will reduce the attack surface and enhance the security of the containers? (Select TWO.)

  1. A. Use the containers to automate security deployments.
  2. B. Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.
  3. C. Segregate containers by host, function, and data classification.
  4. D. Use Docker Notary framework to sign task definitions.
  5. E. Enable container breakout at the host kernel.

Correct Answer: AC

QUESTION 13

- (Exam Topic 1)
An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.
How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

  1. A. Configure the application’s EC2 instances to use NAT gateways for all inbound traffic.
  2. B. Move the web servers to private subnets without public IP addresses.
  3. C. Configure AWS WAF to provide DDoS attack protection for the ALB.
  4. D. Require all inbound network traffic to route through a bastion host in the private subnet.
  5. E. Require all inbound and outbound network traffic to route through an AWS Direct Connect connection.

Correct Answer: BC

QUESTION 14

- (Exam Topic 3)
You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users?
Please select:

  1. A. Generate pre-signed URLs for each user as they request access to protected S3 content
  2. B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
  3. C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
  4. D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user

Correct Answer: A
All objects and buckets are private by default. Pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket but you don't require them to have AWS security credentials or permissions. When you create a pre-signed URL, you must provide your security credentials and specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The pre-signed URLs are valid only for the specified duration.
Option B is invalid because this would be too difficult to implement at a user level.
Option C is invalid because this is not possible.
Option D is invalid because this is used to serve private content via CloudFront.
For more information on pre-signed URLs, please refer to the link: http://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html
The correct answer is: Generate pre-signed URLs for each user as they request access to protected S3 content

QUESTION 15

- (Exam Topic 3)
Your company is planning on hosting its resources on AWS. There is a company policy which mandates that all security keys are completely managed within the company itself. Which of the following is the correct measure for following this policy?
Please select:

  1. A. Using the AWS KMS service for creation of the keys and the company managing the key lifecycle thereafter.
  2. B. Generating the key pairs for the EC2 Instances using puttygen
  3. C. Use the EC2 Key pairs that come with AWS
  4. D. Use S3 server-side encryption

Correct Answer: B
By ensuring that you generate the key pairs for EC2 Instances, you will have complete control of the access keys.
Options A, C and D are invalid because all of these processes mean that AWS has ownership of the keys, and the question specifically mentions that you need ownership of the keys.
For information on security for Compute Resources, please visit the below URL: https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf
The correct answer is: Generating the key pairs for the EC2 Instances using puttygen
