QUESTION N° 1

A company requires that SSH commands used to access its AWS instance be traceable to the user who executed each command.

How should a Security Engineer accomplish this?

A. Allow inbound access on port 22 at the security group attached to the instance. Use AWS Systems Manager Session Manager for shell access to Amazon EC2 instances with the user tag defined. Enable Amazon CloudWatch logging for Systems Manager sessions.

B. Use Amazon S3 to securely store one Privacy Enhanced Mail Certificate (PEM file) for each user. Allow Amazon EC2 to read from Amazon S3 and import every user that wants to use SSH to access EC2 instances. Allow inbound access on port 22 at the security group attached to the instance. Install the Amazon CloudWatch agent on the EC2 instance and configure it to ingest audit logs for the instance.

C. Deny inbound access on port 22 at the security group attached to the instance. Use AWS Systems Manager Session Manager for shell access to Amazon EC2 instances with the user tag defined. Enable Amazon CloudWatch logging for Systems Manager sessions.

D. Use Amazon S3 to securely store one Privacy Enhanced Mail Certificate (PEM file) for each team or group. Allow Amazon EC2 to read from Amazon S3 and import every user that wants to use SSH to access EC2 instances. Allow inbound access on port 22 at the security group attached to the instance. Install the Amazon CloudWatch agent on the EC2 instance and configure it to ingest audit logs for the instance.

CHOICES : A B C D

CORRECT ANSWER : D

AWS Certified Security - Specialty Exam

To pass the SCS-C01 exam, candidates must demonstrate their expertise of securing the AWS platform. To be successful in this certification, they must have two years of hands-on experience in securing the AWS platform. The questions in the SCS-C01 exam are structured in multiple-choice format, with one correct answer for each question. A candidate's knowledge of the AWS security architecture is also required.

Before taking the SCS-C01 exam, the applicant must have a solid understanding of the AWS system. The SCS-C01 exam evaluates the education of an individual, and he or she must demonstrate their expertise. This is the first step in acquiring a secure and productive AWS system. The SCS-C02 exam is designed to identify the gaps between a candidate's education and his or her professional experience. The questions in the SCS-C01 exam are timed and have several difficult sections.

The SCS-C01 exam is more challenging than the Advanced Networking exam, but the content is similar. It includes concepts of data protection, encryption, data classification, and authentication, all of which are crucial for securing an AWS environment. The SCS-C01 certification test also requires the knowledge of data classification and encryption methods. The certification process takes four to six months to complete. Upon passing the exam, you will receive your AWS account and start your path to an exciting career path.

AWS SCS-C01 certification is an entry-level certification for IT professionals. The SCS-C01 exam demonstrates a person's knowledge of the AWS security platform. If the candidate can successfully complete the SCS-C01 exam, they will be able to successfully secure the AWS cloud. This certification is also an ideal choice for individuals who have a basic understanding of the AWS security model.

The SCS-C01 exam focuses on a variety of security practices. The SCS-C01 test is a complex exam that requires an applicant to have two years of hands-on experience. The SCS-C01 exam is designed for individuals who have a wide range of security roles. This certificate will increase a person's salary by up to $16,000. It has many benefits. While the SCS-C01 is considered to be a technical certification, it is important to note that the SCS-C01 test may not cover all of the details that are covered in the SCS-C01 and SCS-C02.

The SCS-C01 exam consists of two sections. The first section tests candidates' understanding of security concepts, while the second section requires them to analyze a suspected compromised instance. For the SCS-C01 exam, candidates must have two years of IT experience in security. They must be able to verify that they have a comprehensive security plan and understand the underlying technologies. For example, they must have an Incident Response plan. In the second section, the candidate must implement an incident response plan.