Free Access Amazon.SCS-C01.v2022-07-23.q183 Practice Test (Page 2)

Question 1

A corporate cloud security policy states that communications between the company's VPC and KMS must travel entirely within the AWS network and not use public service endpoints.
Which combination of the following actions MOST satisfies this requirement? (Choose two.)

A.Add the aws:sourceVpce condition to the AWS KMS key policy referencing the company's VPC endpoint ID.

B.Remove the VPC internet gateway from the VPC and add a virtual private gateway to the VPC to prevent direct, public internet connectivity.

C.Create a VPC endpoint for AWS KMS with private DNS enabled.

D.Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN.

E.Add the following condition to the AWS KMS key policy: "aws:SourceIp": "10.0.0.0/16".

Question 2

A company hosts critical data in an S3 bucket. Even though they have assigned the appropriate permissions to the bucket, they are still worried about data deletion. What measures can be taken to restrict the risk of data deletion on the bucket. Choose 2 answers from the options given below Please select:

A.Enable versioning on the S3 bucket

B.Enable data at rest for the objects in the bucket

C.Enable MFA Delete in the bucket policy

D.Enable data in transit for the objects in the bucket

Question 3

You have an S3 bucket hosted in AWS. This is used to host promotional videos uploaded by yourself. You need to provide access to users for a limited duration of time. How can this be achieved?
Please select:

A.Use versioning and enable a timestamp for each version

B.Use Pre-signed URL's

C.Use IAM Roles with a timestamp to limit the access

D.Use IAM policies with a timestamp to limit the access

Question 4

An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised. How can the CISO be assured that AWS KMS and Amazon S3 are addressing the concerns? (Select TWO )

A.Using a single master key to encrypt all data includes having a single place to perform audits and usage validation.

B.The KMS encryption envelope digitally signs the master key during encryption to prevent cryptographic wear-out

C.Encryption of S3 objects is performed within the secure boundary of the KMS service.

D.There is no API operation to retrieve an S3 object in its encrypted form.

E.S3 uses KMS to generate a unique data key for each individual object.

Question 5

A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet of 2,000 Internet of Things (IoT) field devices that monitor water quality. These devices each have unique access credentials.
An operational safety policy requires that access to specific credentials is independently auditable.
What is the MOST cost-effective way to manage the storage of credentials?

A.Use AWS Systems Manager to store the credentials as Secure Strings Parameters. Secure by using an AWS KMS key.

B.Use AWS Key Management System to store a master key, which is used to encrypt the credentials. The encrypted credentials are stored in an Amazon RDS instance.

C.Use AWS Secrets Manager to store the credentials.

D.Store the credentials in a JSON file on Amazon S3 with server-side encryption.

Other Version: 2402Amazon.SCS-C01.v2024-04-28.q455; 4731Amazon.SCS-C01.v2023-11-28.q513; 3943Amazon.SCS-C01.v2022-12-23.q273; 8580Amazon.SCS-C01.v2022-05-08.q476; 83Amazon.Prepawaytest.SCS-C01.v2021-09-29.by.norton.139q.pdf

Latest Upload: 200PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 292Nokia.4A0-113.v2026-05-01.q69; 251EC-COUNCIL.312-49v11.v2026-04-30.q214; 227Microsoft.MB-820.v2026-04-30.q101; 207Salesforce.MC-202.v2026-04-30.q57; 204BICSI.INSTC_V8.v2026-04-29.q53; 332NMLS.MLO.v2026-04-28.q82; 241NCARB.Project-Management.v2026-04-28.q27; 457EMC.D-AV-DY-23.v2026-04-27.q184; 1109ServiceNow.CSA.v2026-04-27.q483

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File