Free Amazon SCS-C02 Exam Questions

Become Amazon Certified with updated SCS-C02 exam questions and correct answers

Page:    1 / 105      
Total 522 Questions | Updated On: Mar 27, 2025
Add To Cart
Question 1

A company's IAM account consists of approximately 300 IAM users. Now there is a mandate that an access change is required for 100 IAM users to have unlimited privileges to S3.As a system administrator, how can you implement this effectively so that there is no need to apply the policy at the individual user level? Please select:


Answer: B
Question 2

A new employee is joining a security team. The employee initially requires access to manage Amazon DynamoDB, Amazon RDS, and Amazon CloudWatch. All security team members are added to the security team IAM group that provides additional permissions to manage all other AWS services.
The team lead wants to limit the permissions the new employee has access to until the employee takes on additional responsibilities, and then be able to easily add permissions as required, eventually providing the same access as all other security team employees.
How can the team lead limit the permissions assigned to the new user account whilst minimizing complexity?


Answer: A
Question 3

A company has configured federation between an on-premises identity provider (IdP) and AWS. Developers authenticate into an identity account and assume an IAM role named IdPUsersRole. The developers then access a production account by assuming a role named ProdDevRole in the production account.
Developers are unable to assume the IAM role in the production account. The policy attached to the role in the identity account is:
2023-01-05-03-21-58-1df8c3f4bcc13f6e7590603358e86056
What needs to be done to enable the developers to assume the appropriate role in the production account?


Answer: D
Question 4

A company has an encrypted Amazon Aurora DB cluster in the us-east-1 Region. The DB cluster is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. To meet compliance requirements, the company needs to copy a DB snapshot to the us-west-1 Region. However, when the company tries to copy the snapshot to us-west-1 the company cannot access the key that was used to encrypt the original database. What should the company do to set up the snapshot in us-west-1 with proper encryption?


Answer: B
Question 5

A company has two VPCs in the same AWS Region and in the same AWS account Each VPC uses a CIDR block that does not overlap with the CIDR block of the other VPC One VPC contains AWS Lambda functions that run inside a subnet that accesses the internet through a NAT gateway. The Lambda functions require access to a publicly accessible Amazon Aurora MySQL database that is running in the other VPC A security engineer determines that the Aurora database uses a security group rule that allows connections from the NAT gateway IP address that the Lambda functions use. The company's security policy states that no database should be publicly accessible. What is the MOST secure way that the security engineer can provide the Lambda functions with access to the Aurora database?


Answer: B
Page:    1 / 105      
Total 522 Questions | Updated On: Mar 27, 2025
Add To Cart

© Copyrights DumpsCertify 2025. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the DumpsCertify.