Free Amazon SCS-C03 Exam Dumps Questions & Answers


Exam Code/Number:	SCS-C03Join the discussion
Exam Name:	AWS Certified Security - Specialty
Certification:	Amazon
Question Number:	215
Publish Date:	Jun 01, 2026
Rating 100%

Page: 1 / 43
Total 215 questions

Question 1

A company has the following security policy for its Amazon Aurora MySQL databases for a single AWS account:
- Database storage must be encrypted at rest.
- Deletion protection must be enabled.
- Databases must not be publicly accessible.
- Database audit logs must be published to Amazon CloudWatch Logs.
A security engineer must implement a solution that continuously monitors all Aurora MySQL resources for compliance with this policy. The solution must be able to display a database's compliance state for each part of the policy at any time.
Which solution will meet these requirements?

A. Enable AWS Config. Implement AWS Config managed rules that monitor all Aurora MySQL resources for the security requirements. View the compliance state in the AWS Config dashboard.
B. Create an Amazon EventBridge rule that runs when an Aurora MySQL resource is created or modified. Create an AWS Lambda function to verify the security requirements and to send the compliance state to a CloudWatch custom metric.
C. Enable AWS Audit Manager. Configure Audit Manager to use a custom framework that matches the security requirements. Create an assessment report to view the compliance state.
D. Enable AWS Security Hub. Create a configuration policy that includes the security requirements.
Apply the configuration policy to all Aurora MySQL resources. View the compliance state in Security Hub.

Question 2

A company's web application is hosted on Amazon EC2 instances running behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. AWS CloudTrail is enabled and stores logs in Amazon S3 and Amazon CloudWatch Logs.
The operations team has observed some EC2 instances reboot at random. After rebooting, all access logs on the instances have been deleted. During an investigation, the operations team found that each reboot happened just after a PHP error occurred on the new-user-creation.php file. The operations team needs to view log information to determine if the company is being attacked.
Which set of actions will identify the suspect attacker's IP address for future occurrences?

A. Configure the web ACL to send logs to Amazon Data Firehose, which delivers the logs to an S3 bucket. Use Amazon Athena to query the logs and find the new-user-creation.php occurrences.
B. Configure the CloudWatch agent on the ALB and send application logs to CloudWatch Logs.
C. Configure the ALB to export access logs to an Amazon OpenSearch Service cluster and search for the new-user-creation.php occurrences.
D. Configure VPC Flow Logs on the subnet where the ALB is located and stream the data to CloudWatch. Search for the new-user-creation.php occurrences in CloudWatch.

Question 3

A company needs to detect unauthenticated access to its Amazon Elastic Kubernetes Service (Amazon EKS) clusters. The solution must require no additional configuration of the existing EKS deployment. Which solution will meet these requirements with the LEAST operational effort?

A. Install a third-party security add-on.
B. Enable Amazon GuardDuty and use EKS Audit Log Monitoring.
C. Enable AWS Security Hub and monitor Kubernetes findings.
D. Monitor CloudWatch Container Insights metrics for EKS.

Question 4

A security engineer needs to implement a solution to create and control the keys that a company uses for cryptographic operations. The security engineer must create symmetric keys in which the key material is generated and used within a custom key store that is backed by an AWS CloudHSM cluster. The security engineer will use symmetric and asymmetric data key pairs for local use within applications. The security engineer also must audit the use of the keys.
How can the security engineer meet these requirements?

A. To create the keys, use AWS Key Management Service (AWS KMS) and the custom key stores with the CloudHSM cluster. For auditing, use Amazon Athena.
B. To create the keys, use Amazon S3 and the custom key stores with the CloudHSM cluster. For auditing, use AWS CloudTrail.
C. To create the keys, use AWS Key Management Service (AWS KMS) and the custom key stores with the CloudHSM cluster. For auditing, use Amazon GuardDuty.
D. To create the keys, use AWS Key Management Service (AWS KMS) and the custom key stores with the CloudHSM cluster. For auditing, use AWS CloudTrail.

Question 5

A company is investigating an increase in its AWS monthly bill. The company discovers that bad actors compromised some Amazon EC2 instances and served webpages for a large email phishing campaign. A security engineer must implement a solution to monitor for cost increases in the future to help detect malicious activity.
Which solution will offer the company the EARLIEST detection of cost increases?

A. Create an Amazon EventBridge rule that invokes an AWS Lambda function hourly. Program the Lambda function to download an AWS usage report from AWS Data Exports about usage of all services. Program the Lambda function to analyze the report and to send a notification when anomalies are detected.
B. Create a cost monitor in AWS Cost Anomaly Detection. Configure an individual alert to notify an Amazon Simple Notification Service (Amazon SNS) topic when the percentage above the expected cost exceeds a threshold.
C. Review AWS Cost Explorer daily to detect anomalies in cost from prior months. Review the usage of any services that experience a significant cost increase from prior months.
D. Capture VPC flow logs from the VPC where the EC2 instances run. Use a third-party network analysis tool to analyze the flow logs and to detect anomalies in network traffic that might increase cost.