A company stores infrastructure and application code in web-based, third-party, Git-compatible code repositories outside of AWS. The company wants to give the code repositories the ability to securely authenticate and assume an existing IAM role within the company ' s AWS account by using OpenID Connect (OIDC).
Which solution will meet these requirements?
A. Create an OIDC identity provider (IdP) by using AWS Identity and Access Management (IAM) federation. Modify the trust policy of the IAM role to allow the code repositories to assume the IAM role.A legacy web application is publicly reachable and cannot be patched before the next maintenance window.
The security team has confirmed that current attack traffic matches common SQL injection patterns. The business requires the application to remain available while the short-term mitigation is deployed.
A. Disable the database subnet route table so that the application cannot connect to the database.A company wants to store all objects that contain sensitive data in an Amazon S3 bucket. The company will use server-side encryption to encrypt the S3 bucket. The company ' s operations team manages access to the company's S3 buckets. The company ' s security team manages access to encryption keys. The company wants to separate the duties of the two teams to ensure that configuration errors by only one of these teams will not compromise the data by granting unauthorized access to plaintext data.
Which solution will meet this requirement?
A. Ensure that the operations team configures default bucket encryption on the S3 bucket to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Ensure that the security team creates an IAM policy that controls access to use the encryption keys.A security engineer discovers that a company ' s user passwords have no required minimum length. The company uses the following identity providers (IdPs):
- AWS Identity and Access Management (IAM) federated with on-premises Active Directory
- Amazon Cognito user pools that contain the user database for an AWS Cloud application
Which combination of actions should the security engineer take to implement a required minimum password length? (Select TWO.)
A. Update the password length policy in the IAM configuration.A company has an organization with all features enabled in AWS Organizations. In the management account, the company configures AWS IAM Identity Center for the organization in the eu-west-2 Region.
The company configures IAM Identity Center with a SAML-based identity provider. The company needs to configure an AWS managed application that integrates with IAM Identity Center in a new AWS account in the us-east-1 Region. Most of the users that will authenticate to the AWS managed application are external third-party users who cannot be added to the company's identity provider.
A security engineer needs to configure authentication for the third-party users. The solution must provide isolation from the company's identity provider.
Which solution will meet these requirements?
A. Create a SAML identity provider in IAM in the management account that connects to the third-party users' identity provider. Create IAM roles in the management account that allow access to the AWS managed application.A security engineer is asked to update an AWS CloudTrail log file prefix for an existing trail.
When attempting to save the change in the CloudTrail console, the security engineer receives the following error message: "There is a problem with the bucket policy."
What will enable the security engineer to save the change?
A. Create a new trail with the updated log file prefix, and then delete the original trail.A company runs an online game on AWS. When players sign up for the game, their username and password credentials are stored in an Amazon Aurora database.
The number of users has grown to hundreds of thousands of players. The number of requests for password resets and login assistance has become a burden for the company ' s customer service team.
The company needs to implement a solution to give players another way to log in to the game. The solution must remove the burden of password resets and login assistance while securely protecting each player ' s credentials.
Which solution will meet these requirements?
A. When a new player signs up, use an AWS Lambda function to automatically create an IAM access key and a secret access key.A compliance policy forbids inbound SSH and RDP ports on production instances. Administrators still need occasional command-line access, session logging, and IAM-based authorization.
A. Use a bastion host with a shared SSH key and rotate the key monthly.A company uses Amazon API Gateway to present REST APIs to users. An API developer wants to analyze API access patterns without the need to parse the log files.
Which combination of steps will meet these requirements with the LEAST effort? (Select TWO.)
A. Configure access logging for the required API stage.A company runs ECS services behind an internet-facing ALB that is the origin for CloudFront. An AWS WAF web ACL is associated with CloudFront, but clients can bypass it by accessing the ALB directly.
Which solution will prevent direct access to the ALB?
A. Use AWS PrivateLink with the ALB.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SCS-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.