SCS-C03 Free Practice Test

A company needs to identify the root cause of security findings and investigate IAM roles involved in those findings. The company has enabled VPC Flow Logs, Amazon GuardDuty, and AWS CloudTrail.
Which solution will meet these requirements?

1. A. Use Amazon Detective to investigate IAM roles and visualize findings.
2. B. Use Amazon Inspector and CloudWatch dashboards.
3. C. Export GuardDuty findings to S3 and analyze with Athena.
4. D. Use Security Hub custom actions to investigate IAM roles.

Correct Answer: A

A company??s web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file.
Which set of actions will identify the suspect attacker??s IP address for future occurrences?

1. A. Configure VPC Flow Logs and search for PHP file activity.
2. B. Install the CloudWatch agent on the ALB and export application logs.
3. C. Export ALB access logs to Amazon OpenSearch Service and search them.
4. D. Configure the web ACL to send logs to Amazon Kinesis Data Firehos
5. E. Deliver logs to Amazon S3 and query them with Amazon Athena.

Correct Answer: D

A company runs a web application on a fleet of Amazon EC2 instances in an Auto Scaling group. Amazon GuardDuty and AWS Security Hub are enabled. The security engineer needs an automated response to anomalous traffic that follows AWS best practices and minimizes application disruption.
Which solution will meet these requirements?

1. A. Use EventBridge to disable the instance profile access keys.
2. B. Use EventBridge to invoke a Lambda function that removes the affected instance from the Auto Scaling group and isolates it with a restricted security group.
3. C. Use Security Hub to update the subnet network ACL to block traffic.
4. D. Send GuardDuty findings to Amazon SNS for email notification.

Correct Answer: B

A security engineer needs to prepare Amazon EC2 instances for quarantine during a security incident. AWS Systems Manager Agent (SSM Agent) is installed, and a script exists to install and update forensic tools.
Which solution will quarantine EC2 instances during a security incident?

1. A. Track SSM Agent versions with AWS Config.
2. B. Configure Session Manager to deny external connections.
3. C. Store the script in Amazon S3 and grant read access.
4. D. Configure IAM permissions for the SSM Agent to run the script as a Systems Manager Run Command document.

Correct Answer: D

A company is operating an open-source software platform that is internet facing. The legacy software platform no longer receives security updates. The software platform operates using Amazon Route 53 weighted load balancing to send traffic to two Amazon EC2 instances that connect to an Amazon RDS cluster. A recent report suggests this software platform is vulnerable to SQL injection attacks, with samples of attacks provided. The company's security engineer must secure this system against SQL injection attacks within 24 hours. The solution must involve the least amount of effort and maintain normal operations during implementation.
What should the security engineer do to meet these requirements?

1. A. Create an Application Load Balancer with the existing EC2 instances as a target grou
2. B. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the AL
3. C. Test to ensure the vulnerability has been mitigated, then redirect the Route 53 records to point to the AL
4. D. Update security groups on the EC2 instances to prevent direct access from the internet.
5. E. Create an Amazon CloudFront distribution specifying one EC2 instance as an origi
6. F. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the distributio
7. G. Test to ensure the vulnerability has been mitigated, then redirect the Route 53 records to point to CloudFront.
8. H. Obtain the latest source code for the platform and make the necessary update
9. I. Test the updated code to ensure that the vulnerability has been mitigated, then deploy the patched version of the platform to the EC2 instances.
10. J. Update the security group that is attached to the EC2 instances, removing access from the internet to the TCP port used by the SQL databas
11. K. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the EC2 instances.

Correct Answer: A