Free Amazon SCS-C03 Exam Questions
Try our Free Demo Practice Tests for Comprehensive SCS-C03 Exam Preparation
-
Amazon SCS-C03 Exam Questions
-
Provided By: Amazon
- Exam: AWS Certified Security - Specialty
- Certification: AWS Certified Security
-
Total Questions: 178
-
Updated On: May 24, 2026
-
Rated: 4.9 |
-
Online Users: 356
-
Question 1
-
A company is running a new workload across accounts in an organization in AWS Organizations. All running
resources must have a tag of CostCenter, and the tag must have one of three approved values. The company
must enforce this policy and must prevent any changes of the CostCenter tag to a non-approved value.
Which solution will meet these requirements?
Answer: C
-
A company is running a new workload across accounts in an organization in AWS Organizations. All running
resources must have a tag of CostCenter, and the tag must have one of three approved values. The company
must enforce this policy and must prevent any changes of the CostCenter tag to a non-approved value.
Which solution will meet these requirements?
-
Question 2
-
A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS)
customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the
company wants to prevent Amazon EC2 from using the key.
Which solution will meet these requirements?
Answer: B
-
A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS)
customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the
company wants to prevent Amazon EC2 from using the key.
Which solution will meet these requirements?
-
Question 3
-
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company
wants to centrally give users the ability to access Amazon Q Developer.
Which solution will meet this requirement?
Answer: A
-
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company
wants to centrally give users the ability to access Amazon Q Developer.
Which solution will meet this requirement?
-
Question 4
-
A development team is creating an open source toolset to manage a companys software as a service(SaaS) application. The company stores the code in a public repository so that anyone can view anddownload the toolsets code. The company discovers that the code contains an IAM access key andsecret key that provide access to internal resources in the company's AWS environment. A securityengineer must implement a solution to identify whether unauthorized usage of the exposedcredentials has occurred. The solution also must prevent any additional usage of the exposedcredentials.Which combination of steps will meet these requirements? (Select TWO.)
Answer: B,E
-
A development team is creating an open source toolset to manage a companys software as a service(SaaS) application. The company stores the code in a public repository so that anyone can view anddownload the toolsets code. The company discovers that the code contains an IAM access key andsecret key that provide access to internal resources in the company's AWS environment. A securityengineer must implement a solution to identify whether unauthorized usage of the exposedcredentials has occurred. The solution also must prevent any additional usage of the exposedcredentials.Which combination of steps will meet these requirements? (Select TWO.)
-
Question 5
-
A company runs an application on an Amazon EC2 instance. The application generates invoices and stores
them in an Amazon S3 bucket. The instance profile that is attached to the instance has appropriate access to
the S3 bucket. The company needs to share each invoice with multiple clients that do not have AWS
credentials. Each client must be able to download only the client's own invoices. Clients must download their
invoices within 1 hour of invoice creation. Clients must use only temporary credentials to access the
company's AWS resources.
Which additional step will meet these requirements?
Answer: B
-
A company runs an application on an Amazon EC2 instance. The application generates invoices and stores
them in an Amazon S3 bucket. The instance profile that is attached to the instance has appropriate access to
the S3 bucket. The company needs to share each invoice with multiple clients that do not have AWS
credentials. Each client must be able to download only the client's own invoices. Clients must download their
invoices within 1 hour of invoice creation. Clients must use only temporary credentials to access the
company's AWS resources.
Which additional step will meet these requirements?