Become Amazon Certified with updated SCS-C02 exam questions and correct answers
A company wants to deploy a distributed web application on a fleet of EC2 instances. The fleet will be fronted
by a Classic Load Balancer that will be configured to terminate the TLS connection The company wants to
make sure that all past and current TLS traffic to the Classic Load Balancer stays secure even if the certificate
private key is leaked.
To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer
with:
A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The
subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing
and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the
security engineer receives an error for a broken trust chain.
What should the security engineer do to resolve this error?
A company wants to start processing sensitive data on Amazon EC2 instances. The company will use Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances. The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a solution that prevents the developers from viewing the sensitive data The solution must automatically apply to any new log groups that are created in the account in the future. Which solution will meet these requirements?
A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS
account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions
as possible. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)
© Copyrights DumpsCertify 2025. All Rights Reserved
We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the DumpsCertify.