Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


SCS-C02 Security Logging and Monitoring Practice Questions

20+ practice questions focused on Security Logging and Monitoring — one of the most tested topics on the AWS Certified Security Specialty SCS-C02 exam. Each question includes a detailed explanation so you learn why the right answer is correct.


Sample Security Logging and Monitoring Questions

1. A security engineer wants to capture all DNS queries made by EC2 instances to detect potential data exfiltration. Which AWS service should be used to log the DNS requests?

A. Use Route 53 Resolver DNS Firewall with query logging
B. Use Amazon GuardDuty
C. Enable VPC Flow Logs
D. Enable AWS CloudTrail

Explanation: Route 53 Resolver DNS Firewall with query logging is the correct choice because it is specifically designed to log all DNS queries made by EC2 instances that use the Route 53 Resolver. This service captures the domain names being queried, the source IP, and the response, enabling detection of DNS-based data exfiltration (e.g., DNS tunneling). It integrates directly with the VPC's DNS resolver, ensuring all outbound DNS traffic from EC2 instances is logged without additional agents.

2. A company uses AWS CloudTrail to log management events in all regions. The security team notices that some API calls made by an IAM user are not appearing in the CloudTrail event history. What is the most likely reason?

A. The user used the AWS Management Console, not the CLI
B. The trail is configured for a single region only
C. The API calls were read-only and excluded by default
D. CloudTrail event history only retains events for 90 days; older events are not visible

Explanation: D is correct because CloudTrail event history only retains the last 90 days of events. If the API calls were made more than 90 days ago, they would no longer appear in the event history, even though the trail itself may still be delivering log files to an S3 bucket for longer-term storage. The security team is likely looking at the event history rather than querying the S3 bucket or using Athena for older events.

3. A company requires real-time analysis of AWS CloudTrail logs to detect unauthorized API calls. The logs are stored in Amazon S3. Which architecture minimizes latency and cost?

A. Use AWS Glue to crawl S3 and load into Amazon Redshift for analysis
B. Send CloudTrail logs to Amazon CloudWatch Logs, then use a subscription filter to Amazon Kinesis Data Firehose delivering to Amazon OpenSearch Service
C. Query CloudTrail logs directly using Amazon Athena
D. Configure S3 event notifications to invoke an AWS Lambda function that writes to Amazon OpenSearch Service

Explanation: Option B is correct because it provides the lowest-latency path for real-time analysis: CloudTrail logs are delivered to CloudWatch Logs in near real-time, and a subscription filter streams them to Kinesis Data Firehose, which buffers and delivers directly to Amazon OpenSearch Service for immediate indexing and search. This architecture avoids batch processing, minimizes data movement overhead, and uses managed services that scale automatically, keeping both latency and cost low.

4. A security engineer needs to be alerted when an IAM user attempts to modify an S3 bucket policy. Which method is the MOST efficient?

A. Enable VPC Flow Logs and analyze for S3 API traffic
B. Configure an AWS Config rule to detect changes and invoke a Lambda function
C. Create an Amazon CloudWatch Events rule that matches the PutBucketPolicy API call and triggers an SNS notification
D. Enable S3 server access logs and parse them for PutBucketPolicy entries

Explanation: Option C is correct because Amazon CloudWatch Events (now Amazon EventBridge) can directly capture the PutBucketPolicy API call as a real-time event and trigger an SNS notification without any additional compute or polling. This is the most efficient method as it requires no log parsing, no custom code, and no additional infrastructure, providing immediate alerting with minimal overhead.

5. A company uses Amazon GuardDuty and wants to suppress low-severity findings that are known false positives. What is the recommended approach?

A. Configure a CloudWatch Events rule to ignore the findings
B. Manually delete the findings from the GuardDuty console
C. Disable the GuardDuty detector for the affected accounts
D. Create a GuardDuty filter to suppress the findings

Explanation: GuardDuty filters allow you to automatically suppress low-severity findings that are known false positives by setting the filter action to 'ARCHIVE'. This prevents the findings from appearing in the active findings list without disabling detection or deleting data. Filters are the recommended approach because they are purpose-built for this use case and preserve the audit trail.


How to master Security Logging and Monitoring for SCS-C02

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Security Logging and Monitoring. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Security Logging and Monitoring questions on the SCS-C02 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many SCS-C02 Security Logging and Monitoring questions are on the real exam?

The exact number varies per candidate. Security Logging and Monitoring is tested as part of the AWS Certified Security Specialty SCS-C02 blueprint. Practicing with targeted Security Logging and Monitoring questions ensures you can handle any format or difficulty that appears.

Are these SCS-C02 Security Logging and Monitoring practice questions free?

Yes. Courseiva provides free SCS-C02 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Security Logging and Monitoring one of the harder SCS-C02 topics?

Difficulty is subjective, but Security Logging and Monitoring is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.


Topic Info

Topic: Security Logging and Monitoring
Exam: SCS-C02
Questions available: 20+