AWS Certified Security - Specialty
SCS-C02

AWS Certified Security - Specialty (SCS-C02) Exam Dumps with Solutions

299 Practice Questions Available

These AWS SCS-C02 exam dumps include real questions and detailed explanations based on the latest AWS Certified Security - Specialty exam format. If you're searching for AWS exam dumps with verified solutions, try our 10,000+ practice questions in the Cloud Pass app.


No Duplicate Questions

Every question is unique and carefully curated

Latest Exam Questions

Updated regularly with 2025 exam patterns

Sample Questions

Practice Questions

Question 1
While reviewing an AWS CloudFormation template for a payments microservice, a security engineer finds that a parameter named PaymentApiToken exposes a production API token in plaintext as its default value. The token is referenced 12 times throughout the template (for Lambda environment variables, API Gateway headers, and an ECS task definition). The engineer must remove plaintext from the template, preserve the ability to reference the value in all 12 locations during stack operations, ensure the secret is encrypted at rest and never appears in stack events or logs, and also support automatic rotation every 60 days. Which solution will meet these requirements in the MOST secure way?
Question 2 (Select 3 answers)
A global edtech company operates 15 AWS accounts in AWS Organizations and has enabled AWS Identity and Access Management (IAM) Access Analyzer at the organization level to detect public or cross-account access. The security team requires an automated workflow that, for any newly created IAM or resource policy that triggers an ACTIVE Access Analyzer finding, remediates external access by updating IAM role trust policies to add an explicit Deny for external principals and sends an email notification to security-ops@example.com within 5 minutes. Which combination of steps should a security engineer implement to meet these requirements? (Choose three.)
Question 3
A media analytics company runs a latency-sensitive ingestion API on Amazon EC2 instances behind an Application Load Balancer; the instances are in an Auto Scaling group with a minimum of 6 and a desired capacity of 9 spread across three private subnets in the same VPC that also hosts other workloads. The security team has enabled an Amazon GuardDuty detector in the same AWS Region and integrated findings with AWS Security Hub. The team must implement an automated response that detects unusual egress traffic spikes (for example, the GuardDuty finding type Behavior:EC2/TrafficVolumeUnusual with severity >= 5) and immediately takes an initial containment action that follows AWS best practices while minimizing impact on the application and unrelated resources in the subnets. Which solution meets these requirements?
Question 4
A fintech company operates 12 AWS accounts across us-east-1 and eu-west-1 and suspects that a legacy bastion host (EC2 instance i-0abcfed12345) in VPC vpc-0f12abcd with IMDSv1 enabled leaked its instance profile credentials. The organization has an AWS Organizations organization trail enabled for AWS CloudTrail, VPC Flow Logs are delivered to Amazon CloudWatch Logs, Amazon GuardDuty is enabled with a delegated administrator account, and AWS Audit Manager is used for PCI evidence collection. The security team must determine whether, within the time window 2025-07-04 02:10–03:05 UTC, the stolen temporary credentials were used to access any resources in their environment from an external AWS account. Which solution will most directly provide this information?
Question 5
An online retail marketplace uses a third-party SaaS container vulnerability scanner that integrates with AWS Security Hub in the company’s audit account. The security team must ensure that when a new finding with severity label HIGH or CRITICAL from this third-party product is imported into Security Hub in us-east-1, a remediation workflow is triggered automatically within 60 seconds and can scale to handle bursts of up to 500 findings per minute without managing any servers. Which solution will meet these requirements?
FAQ

Frequently Asked Questions

Q1

Q. Can I download AWS SCS-C02 exam questions and answers?

A. Cloud Pass provides access to real AWS certification-style questions directly in the app. While we don't offer downloadable PDFs, you can practice all questions anytime, anywhere with detailed explanations.

Q2

Q. Are AWS SCS-C02 dumps available in PDF format?

A. No, Cloud Pass does not distribute exam dumps or PDFs. Instead, we provide a clean and interactive experience where you can study with 10,000+ verified practice questions and track your progress across devices.

Q3

Q. How can I take practice tests for the AWS SCS-C02 exam?

A. You can take full-length practice tests within the Cloud Pass app. Each test simulates the real AWS exam format, includes instant feedback, and helps you measure your readiness before the actual exam.

Q4

Q. Are these AWS SCS-C02 exam questions real or updated for 2025?

A. Yes. All AWS practice questions in Cloud Pass are based on real-world exam topics and updated regularly to reflect the latest AWS Certified Security - Specialty (SCS-C02) objectives in 2025.