A company uses AWS IAM Identity Center with SAML 2.0 federation. The company decides to change its federation source from one identity provider (IdP) to another. The underlying directory for both IdPs is Active Directory.
Which solution will meet this requirement?
A. Disable all existing users and groups within IAM Identity Center that were part of the federation with the original IdP.A company ' s web application is hosted on Amazon EC2 instances running behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. AWS CloudTrail is enabled and stores logs in Amazon S3 and Amazon CloudWatch Logs.
The operations team has observed some EC2 instances reboot at random. After rebooting, all access logs on the instances have been deleted. During an investigation, the operations team found that each reboot happened just after a PHP error occurred on the new-user-creation.php file. The operations team needs to view log information to determine if the company is being attacked.
Which set of actions will identify the suspect attacker ' s IP address for future occurrences?
A. Configure VPC Flow Logs on the subnet where the ALB is located and stream the data to CloudWatch. Search for the new-user-creation.php occurrences in CloudWatch.A company uses several AWS CloudFormation stacks to handle the deployment of a suite of applications.
The leader of the company ' s application development team notices that the stack deployments fail with permission errors when some team members try to deploy the stacks. However, other team members can deploy the stacks successfully.
The team members access the account by assuming a role that has a specific set of permissions. All team members have permissions to perform operations on the stacks.
Which combination of steps will ensure consistent deployment of the stacksMOST securely? (Select THREE.)
A. Create a service role that has a composite principal that contains each service that needs the necessary permissions.A company experienced a security incident caused by a vulnerable container image that was pushed from an external CI/CD pipeline into Amazon ECR.
Which solution will prevent vulnerable images from being pushed?
A. Enable ECR enhanced scanning with Lambda blocking.A company in France uses Amazon Cognito with the Cognito Hosted UI as an identity broker for sign-in and sign-up processes. The company is marketing an application and expects that all the application ' s users will come from France.
When the company launches the application, the company ' s security team observes fraudulent sign-ups for the application. Most of the fraudulent registrations are from users outside of France. The security team needs a solution to perform custom validation at sign-up. Based on the results of the validation, the solution must accept or deny the registration request.
Which combination of steps will meet these requirements? (Select TWO.)
A. Create a pre sign-up AWS Lambda trigger. Associate the Amazon Cognito function with the Amazon Cognito user pool.A company that builds document management systems recently performed a security review of its application on AWS. The review showed that uploads of documents through signed URLs into Amazon S3 could occur in the application without encryption in transit. A security engineer must implement a solution that prevents uploads that are not encrypted in transit.
Which solution will meet this requirement?
A. Ensure that all client implementations are using HTTPS to upload documents into the application.A company has an Amazon RDS database. The database contains sensitive data that is shared across teams in the company. The company needs a solution to detect anomalous logins to the database. The solution must notify an existing Amazon SNS topic when anomalous logins occur.
Which solution will meet these requirements?
A. Use AWS Trusted Advisor security checks for Amazon RDS. Create an Amazon EventBridge rule to monitor the security checks for status changes. Configure the EventBridge rule to invoke an AWS Lambda function to publish a message to the SNS topic.A company uses AWS Organizations and requires that account activity logging cannot be stopped by workload administrators. The security team also wants an automated way to restore logging if a trail is accidentally disabled.
Which combination of controls should the company use? Choose two.
A. Attach an SCP that denies actions that stop or delete required trails.A company rapidly adopted many AWS services without a formal architecture review. Leadership asks the security team to evaluate the workload against AWS security best practices, identify high-risk issues, and track improvement milestones with the application owners.
A. Use Amazon Detective to create a behavior graph for every architecture component and mark missing components as high risk.A company runs an application on a fleet of Amazon EC2 instances. The company can remove instances from the fleet without risk to the application. All EC2 instances use the same security group named ProdFleet. Amazon GuardDuty and AWS Config are active in the company ' s AWS account.
A security engineer needs to provide a solution that will prevent an EC2 instance from sending outbound traffic if GuardDuty generates a cryptocurrency finding event. The security engineer creates a new security group named Isolate that contains no outbound rules. The security engineer configures an AWS Lambda function to remove an EC2 instance from the ProdFleet security group and add it to the Isolate security group.
Which additional step will meet this requirement?
A. Configure GuardDuty to directly invoke the Lambda function if GuardDuty generates a CryptoCurrency:EC2/* finding event.Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SCS-C03 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.