Become Amazon Certified with updated SCS-C02 exam questions and correct answers
A company has hundreds of AWS accounts in an organization in AWS Organizations. The company operates
out of a single AWS Region. The company has a dedicated security tooling AWS account in the organization.
The security tooling account is configured as the organization's delegated administrator for Amazon
GuardDuty and AWS Security Hub. The company has configured the environment to automatically enable
GuardDuty and Security Hub for existing AWS accounts and new AWS accounts.
The company is performing control tests on specific GuardDuty findings to make sure that the company's
security team can detect and respond to security events. The security team launched an Amazon EC2 instance
and attempted to run DNS requests against a test domain, example.com, to generate a DNS finding. However,
the GuardDuty finding was never created in the Security Hub delegated administrator account.
Why was the finding not created in the Security Hub delegated administrator account?
A company wants to start processing sensitive data on Amazon EC2 instances. The company will use Amazon CloudWatch Logs to monitor, store, and access log files from the EC2 instances. The company's developers use CloudWatch Logs for troubleshooting. A security engineer must implement a solution that prevents the developers from viewing the sensitive data. The solution must automatically apply to any new log groups that are created in the account in the future. Which solution will meet these requirements?
A company uses AWS Organizations and has production workloads across multiple AWS accounts. A security
engineer needs to design a solution that will proactively monitor for suspicious behavior across all the
accounts that contain production workloads.
The solution must automate remediation of incidents across the production accounts. The solution also must
publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when a critical security
finding is detected. In addition, the solution must send all security incident logs to a dedicated account.
Which solution will meet these requirements?
A security engineer needs to set up an Amazon CloudFront distribution for an Amazon S3 bucket that hosts a
static website. The security engineer must allow only specified IP addresses to access the website. The security
engineer also must prevent users from accessing the website directly by using S3 URLs.
Which solution will meet these requirements?
A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS
account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions
as possible. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)