Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 238 discussion

A medical company recently completed an acquisition and inherited an existing AWS environment. The company has an upcoming audit and is concerned about the compliance posture of its acquisition.

The company must identify personal health information inside Amazon S3 buckets and must identify S3 buckets that are publicly accessible. The company needs to prepare for the audit by collecting evidence in the environment.

Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose three.)

  • A. Enable Amazon Macie. Run an on-demand sensitive data discovery job that uses the PERSONAL_INFORMATION managed data identifier.
  • B. Use AWS Glue with the Detect PII transform to identify sensitive data and to mask the sensitive data.
  • C. Enable AWS Audit Manager. Create an assessment by using a supported framework.
  • D. Enable Amazon GuardDuty S3 Protection. Document any findings that are related to suspicious access of S3 buckets.
  • E. Enable AWS Security Hub. Use the AWS Foundational Security Best Practices standard. Review the controls dashboard for evidence of failed S3 Block Public Access controls.
  • F. Enable AWS Config. Set up the s3-bucket-public-write-prohibited AWS Config managed rule.
Suggested Answer: ACF

Comments

Pat9595
4 days, 12 hours ago
Selected Answer: ACF
The audit readiness requirement leans toward AWS Audit Manager (C) since it is explicitly designed to collect and organize evidence for compliance audits. While Security Hub (E) provides excellent security monitoring, Audit Manager (C) is more suited for preparing for an audit and collecting structured compliance evidence.
upvoted 1 times
Wardove
1 week, 1 day ago
Selected Answer: ACE
F cannot be the right answer, as the mentioned control would capture public reads from non-compliant resources: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html
upvoted 1 times
IPLogic
2 months ago
Selected Answer: ACE
A. Amazon Macie specializes in discovering sensitive data, such as personal health information, within your S3 buckets. This directly addresses the need to identify such data.
C. AWS Audit Manager helps you create assessments and gather evidence based on compliance frameworks, preparing you thoroughly for the audit.
E. AWS Security Hub provides a consolidated view of your security posture and identifies public access issues for S3 buckets, helping you review and document compliance with best practices.
upvoted 3 times
IPLogic
2 months ago
ACF - F for least operational overhead for this question.
upvoted 1 times
HappyG
2 months, 1 week ago
Selected Answer: AEF
The combination of A (Macie for PHI detection), E (Security Hub for centralized compliance monitoring), and F (AWS Config for continuous bucket access monitoring) provides an efficient and low-overhead solution to meet the requirements. It doesn't ask for anything from Audit, it's a distraction answer.
upvoted 2 times
debarshi
2 months, 1 week ago
Selected Answer: ACF
Correct Answer: ACF
upvoted 4 times