Free SCS-C02 Mock Exam – Practice Online Confidently

A company stores sensitive documents in Amazon S3 by using server-side encryption with an IAM Key Management Service (IAM KMS) CMK. A new requirement mandates that the CMK that is used for these documents can be used only for S3 actions. Which statement should the company add to the key policy to meet this requirement?  

A business requires a forensic logging solution for hundreds of Docker-based apps running on Amazon EC2. The solution must analyze logs in real time, provide message replay, and persist logs. Which Amazon Web Offerings (IAM) services should be employed to satisfy these requirements? (Select two.) 

A company's data scientists want to create artificial intelligence and machine learning (AI/ML) training models by using Amazon SageMaker. The training models will use large datasets in an Amazon S3 bucket. The datasets contain sensitive information. On average. the data scientists need 30 days to train models. The S3 bucket has been secured appropriately The companfs data retention policy states that all data that is older than 45 days must be removed from the S3 bucket. Which action should a security engineer take to enforce this data retention policy? 

An administrative user accidentally exposed an access key ID and secret access key to a public support forum. The user notified the security team about the incident after removing the exposed credentials from the forum.Which initial steps should a security engineer take to mitigate the exposure without interrupting operations? (Select TWO.) 

A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group and are attached to Amazon Elastic Blodfc Store (Amazon EBS) volumes. A security engineer needs to preserve all forensic evidence from one of the instances. Which order of steps should the security engineer use to meet this requirement?