Practice Exams | AWS Certified Security – Specialty
Description
Preparing for AWS Certified Security – Specialty SCS-C01? This is THE practice exams course to give you the winning edge.
These practice exams have been co-authored by Stephane Maarek and Abhishek Singh who bring their collective experience of passing 20 AWS Certifications to the table.
The tone and tenor of the questions mimic the real exam. Along with the detailed description and “exam alert” provided within the explanations, we have also extensively referenced AWS documentation to get you up to speed on all domain areas being tested for the SCS-C01 exam.
We want you to think of this course as the final pit-stop so that you can cross the winning line with absolute confidence and get AWS Certified! Trust our process, you are in good hands.
All questions have been written from scratch! And more questions are being added over time!
=======
Quality speaks for itself...
SAMPLE QUESTION:
A mid-sized company recently deployed Amazon GuardDuty to monitor their AWS environment for potential security threats. The security team noticed a high number of RDP brute force attacks originating from an Amazon EC2 instance and decided to take action to prevent any issues. The company's security engineer was tasked with implementing an automated solution that could block the suspicious instance until the issue could be investigated and remediated.
Which of the following solutions should the security engineer implement?
Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure Kinesis Data Analytics to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules
Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the WAF web ACL
Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the network ACL rules
Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure a Lambda function to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules
What's your guess? Scroll below for the answer...
Correct: 4.
Explanation:
Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure a Lambda function to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules files
AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.
Security Hub collects security data from across AWS accounts, services (such as GuardDuty), and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.
How Security Hub works:
<Reference Image>
via - <Reference Link>
Leveraging Amazon EventBridge's integration with Security Hub, you can automate your AWS services to respond automatically to system events such as application availability issues or resource changes. Events from AWS services are delivered to EventBridge in near-real time and on a guaranteed basis. You can write simple rules to indicate which events you are interested in and what automated actions to take when an event matches a rule. The actions that can be automatically triggered include the following:
Invoking an AWS Lambda function
Invoking the Amazon EC2 run command
Relaying the event to Amazon Kinesis Data Streams
Activating an AWS Step Functions state machine
Notifying an Amazon SNS topic or an Amazon SQS queue
Sending a finding to a third-party ticketing, chat, SIEM, or incident response and management tool
For the given use case, you can process the Security Hub events in Kinesis Data Streams by using a Lambda function that monitors any `UnauthorizedAccess:EC2/RDPBruteForce` finding from GuardDuty that is relayed via Security Hub. This finding informs you that an EC2 instance in your AWS environment was involved in a brute force attack aimed at obtaining passwords to RDP services on Windows-based systems. This can indicate unauthorized access to your AWS resources. When the Lambda function sees a matching finding, it can block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules.
Incorrect options:
Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the WAF web ACL - WAF web ACL can only be applied to the following resource types: CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AWS AppSync GraphQL API and Amazon Cognito user pool. You can use AWS WAF to control how your protected resources respond to HTTP(S) web requests. The given use case is about RDP brute force attacks originating from an EC2 instance, so using WAF web ACL is not relevant, as it cannot monitor traffic originating from an EC2 instance.
Have Security Hub ingest GuardDuty findings and send events to EventBridge that triggers a Lambda function to block traffic to/from the suspicious instance by updating the network ACL rules - Using Network ACL rules would impact all instances in a subnet. It will not isolate the traffic only for the suspicious instance. Hence this option is incorrect.
Have Security Hub ingest GuardDuty findings and send events to Kinesis Data Streams via EventBridge. Configure Kinesis Data Analytics to process the data stream and block traffic to/from the suspicious instance by updating the security group so that it has no inbound and outbound rules - Amazon Kinesis Data Analytics can be used to transform and analyze streaming data in real-time with Apache Flink. Apache Flink is an open-source framework and engine for processing data streams. Kinesis Data Analytics reduces the complexity of building, managing, and integrating Apache Flink applications with other AWS services. This option has been added as a distractor as Kinesis Data Analytics cannot be used to update the security groups for an instance.
< with reference links>
=======
Instructor
My name is Stéphane Maarek, I am passionate about Cloud Computing, and I will be your instructor in this course. I teach about AWS certifications, focusing on helping my students improve their professional proficiencies in AWS.
I have already taught 1,500,000+ students and gotten 500,000+ reviews throughout my career in designing and delivering these certifications and courses!
I'm delighted to welcome Abhishek Singh as my co-instructor for these practice exams!
=======
Welcome to the best practice exams to help you prepare for your AWS Certified Security – Specialty exam.
You can retake the exams as many times as you want
This is a huge original question bank
You get support from instructors if you have questions
Each question has a detailed explanation
Mobile-compatible with the Udemy app
30-days money-back guarantee if you're not satisfied
We hope that by now you're convinced!... And there are a lot more questions inside the course.
Happy learning and best of luck for your AWS Certified Security – Specialty SCS-C01 exam!
Who this course is for:
- Anyone preparing for the AWS Certified Security Specialty SCS-C01
Instructors
- 4.7 Instructor Rating
- 680,039 Reviews
- 2,187,950 Students
- 56 Courses
Stephane is a solutions architect, consultant and software developer that has a particular interest in all things related to Big Data, Cloud & API. He's also a many-times best seller instructor on Udemy for his courses in AWS and Apache Kafka.
[See FAQ below to see in which order you can take my courses]
Stéphane is recognized as an AWS Hero and is an AWS Certified Solutions Architect Professional & AWS Certified DevOps Professional. He loves to teach people how to use the AWS properly, to get them ready for their AWS certifications, and most importantly for the real world.
He also loves Apache Kafka. He sits on the 2019 Program Committee organizing the Kafka Summit in New York, London and San Francisco. He is also an active member of the Apache Kafka community, authoring blogs on Medium and a guest blog for Confluent.
During his spare time he enjoys cooking, practicing yoga, surfing, watching TV shows, and traveling to awesome destinations!
FAQ: In which order should you learn?...
AWS Cloud: Start with AWS Certified Solutions Architect Associate, then move on to AWS Certified Developer Associate and then AWS Certified SysOps Administrator. Afterwards you can either do AWS Certified Solutions Architect Professional or AWS Certified DevOps Professional, or a specialty certification of your choosing.
Apache Kafka: Start with Apache Kafka for Beginners, then you can learn Connect, Streams and Schema Registry if you're a developer, and Setup and Monitoring courses if you're an admin. Both tracks are needed to pass the Confluent Kafka certification.
- 4.7 Instructor Rating
- 56,987 Reviews
- 1,830,989 Students
- 23 Courses
Abhishek is an AWS veteran and has built successful SaaS and consumer solutions using AWS services since 2012. Over the course of his professional career, Abhishek has interviewed and mentored hundreds of candidates for entry-level and lateral positions for Cloud based IT solutions development. Abhishek is passionate about sharing his knowledge on AWS Cloud, Machine Learning and Big Data. He wants to help his fellow IT Professionals level-up their skills to ace the AWS Certifications and above all, get ready for the real world AWS ecosystem.
He is an AWS Certified Solutions Architect Professional, AWS Certified DevOps Engineer Professional, AWS Certified Machine Learning Specialist, AWS Certified Big Data Specialist and AWS Certified Database Specialist.
Overall, Abhishek has over 14 years of experience working on a diverse range of Enterprise Technologies based on ML, Big Data and Analytics. He runs a successful ML and Big Data Consultancy advocating solutions on AWS Cloud and has advised multiple clients in the US to architect and implement their ML and Big Data solutions using the AWS suite of services.