SCS-C02 Threat Detection and Incident Response • Complete Question Bank
Complete SCS-C02 Threat Detection and Incident Response question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
CloudTrail log entry (simplified):
```
{
"eventSource": "ec2.amazonaws.com",
"eventName": "RunInstances",
"userIdentity": {
"arn": "arn:aws:iam::123456789012:role/AdminRole",
"accountId": "123456789012"
},
"requestParameters": {
"instanceType": "m5.xlarge",
"imageId": "ami-0abcdef1234567890",
"securityGroupSet": [{"groupId": "sg-0123456789abcdef0"}]
},
"responseElements": {
"instancesSet": {
"items": [{"instanceId": "i-0a1b2c3d4e5f6g7h8"}]
}
},
"sourceIPAddress": "203.0.113.50",
"userAgent": "console.amazonaws.com",
"eventTime": "2025-03-15T14:30:00Z"
}
```
Refer to the exhibit.
VPC Flow Logs entry:
```
2 123456789010 eni-1234567890abcdef 10.0.1.5 203.0.113.50 3389 443 6 10 840 1625097600 1625097660 ACCEPT OK
```
Refer to the exhibit.
```
{
"Records": [
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"arn": "arn:aws:iam::123456789012:user/JohnDoe",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE"
},
"eventTime": "2024-08-01T12:34:56Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "AuthorizeSecurityGroupIngress",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.5",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"groupId": "sg-0123456789abcdef0",
"ipPermissions": {
"items": [
{
"ipProtocol": "tcp",
"fromPort": 22,
"toPort": 22,
"ipRanges": [
{
"cidrIp": "0.0.0.0/0"
}
]
}
]
}
}
}
]
}
```
Drag a concept onto its matching description — or click a concept then click the description.
Web application firewall
DDoS protection
Key management and encryption
Identity and access management
Data discovery and classification
Drag a concept onto its matching description — or click a concept then click the description.
Attached to a user, group, or role
Attached to a resource like S3 bucket
Maximum permissions for an identity
Used in AWS Organizations to restrict permissions
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/24"
}
}
}
]
}
```
Refer to the exhibit.
```
{ "sourceIP": "192.0.2.1", "userIdentity": { "arn": "arn:aws:iam::111111111111:user/JohnDoe", "type": "IAMUser" }, "eventTime": "2024-08-15T12:34:56Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "us-east-1", "requestParameters": { "instanceType": "t2.micro", "imageId": "ami-0abcdef1234567890" }, "responseElements": { "instancesSet": { "items": [ { "instanceId": "i-0a1b2c3d4e5f67890" } ] } }}
```
Refer to the exhibit.
```
2019-10-15T10:30:00Z 192.0.2.1 54321 10.0.0.1 443 6 10 1000 10 1000 ACCEPT OK
2019-10-15T10:30:05Z 192.0.2.1 54322 10.0.0.2 22 6 20 2000 10 1000 ACCEPT OK
2019-10-15T10:30:10Z 10.0.0.3 22 192.0.2.1 54323 6 15 1500 5 500 REJECT OK
```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowLambdaInvocation",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-function"
}
]
}
```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
}
]
}
```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:UpdateTrail",
"cloudtrail:PutEventSelectors",
"cloudtrail:StartLogging"
],
"Resource": "*"
}
]
}
```
Refer to the exhibit.
```
2024-03-15T10:30:00Z us-east-1 123456789012 ENI eni-0a1b2c3d4e5f67890 src 203.0.113.5 dst 10.0.1.5 port 443 proto 6 packets 10 bytes 1200 start 2024-03-15T10:30:00Z end 2024-03-15T10:30:05Z action ACCEPT log-status OK
```
Refer to the exhibit.
```
{
"source": ["aws.guardduty"],
"detail-type": ["GuardDuty Finding"],
"resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0a1b2c3d4e5f67890"]
}
```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
}
]
}
```
Refer to the exhibit.
```
Resources:
MyBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-secure-bucket
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
BucketPolicy:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal: "*"
Action: s3:GetObject
Resource: !Sub "${MyBucket.Arn}/*"
```
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/MyFunction:*"
}
]
}
```
Refer to the exhibit.
```
Resource: "arn:aws:ec2:us-east-1:123456789012:instance/*"
Condition: {
"StringEquals": {
"aws:SourceVpce": "vpce-0a1b2c3d4e5f67890"
}
}
```
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "203.0.113.0/24"
}
}
}
]
}
```
```
2023-01-15T10:30:00Z 123456789012 ENI eni-0a1b2c3d4e5f67890 192.0.2.10 203.0.113.50 443 80 6 10 1000 1500 ACCEPT OK
```