AWS Fundamentals Addressing Security Risk Coursera Quiz Answers

AWS Fundamentals Addressing Security Risk Quiz Answers

Q1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?

• T​ransport Layer Protocol or TCP
• M​ult-factor Authentication or MFA
• I​ris Scan Service or ISS
• S​cure Bee Service or SBS

Q2. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?

• AmazonDynamoDBFullAccess
• AWSLambdaInvocation-DynamoDB
• AmazonDynamoDBReadOnlyAccess
• AWSLambdaDynamoDBExecutionRole

Q3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

• Gemalto token
• Blizzard Authenticator
• yubiKey
• Google Authenticator
• AWS IoT button

Q4. What format is an Identity and Access Management policy document in?

• X​ML
• H​TML
• C​SV
• J​SON

Q5. Which are valid options for interacting with your AWS account? Select all that apply.

• Command Line Interface
• Software Development Kit
• Application Programming Interface
• AWS Console

Quiz 2

Q1. Which solution below grants AWS Management Console access to a DevOps engineer?

• Enable Single sign-on on AWS accounts by using federation and AWS IAM
• Create a user for the security engineer in AWS Cognito User Pool
• Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user  
• Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles 

Q2. Which of these IAM policies cannot be updated by you?

• managed policy
• customer managed policy
• inline policy
• group policy

Q3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?

• Amazon Cognito
• AWS SSO
• I​AM
• A​D Connector

Q4. What is the main difference between Cognito User Pool and Cognito Identity Pool?

• User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can
• Identity Pools provide temporary AWS credentials
• Only User Pools has feature to enable MFA
• User Pools support both authenticated and unauthenticated identities

Q5. How do you audit IAM user’s access to your AWS accounts and resources?

• Using CloudTrail to look at the API call and timestamp
• Using CloudWatch event to notify you when an IAM user sign in
• Using AWS Config to notify you when IAM resources are changed
• Use Trusted Advisor to show a list of sign in events from all users

Week 2 Quiz Answers

Q1. Which statement is true?

• You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
• By default, each instance that you launch into a nondefault subnet has a public IPv4 address
• To use AWS Private Link, the VPC is required to have a NAT device
• Traffics within an Availability Zone, or between Availability Zones in all Regions, are routed over the AWS private global network

Q2. W​hat is a Security Group?

• Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
• Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
• Control who in your organization has permission to create and manage VPC flow logs
• Capture information about the IP traffic going to and from network interfaces in your VPC

Q3. How many types of VPC Endpoints are available?

• Many. Each AWS Service will be supported by 1 type of VPC Endpoints
• Two: Amazon S3 and DynamoDB
• Two: Gateway Endpoint and Interface Endpoint
• One: VPC

Q4. Which of these AWS resources cannot be monitored using VPC Flow logs?

• V​PC
• A​ subnet in a VPC
• A network interface attached to EC2
• An Internet Gateway attached to VPC

Q5. You can route traffic to a NAT Gateway through:

• Site-to-Site VPN connection
• AWS Direct Connect
• VPC Peering
• None of the above

Quiz 2

Q1. What AWS Services keeps a record of who is interacting with your AWS Account?1 point

• Amazon ServiceLog
• Amazon Auditor
• AWS AccountMonitor
• AWS CloudTrail

Q2. Which of the following are monitoring and logging services available on AWS? Select all that apply.

• AWS CloudWatch
• AWS CloudLogger
• Amazon Beehive
• Amazon Config

Q3. Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?

• Cost Transparency
• Operational Excellence
• Security
• Fault Tolerance

Q4. If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?

• AWS GuardDuty
• Amazon ThreatDetector
• Amazon S3
• AWS DynamoDB

Q5. Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?

• AWS Assessor
• Amazon Inspector
• AWS EC2Deploy
• Amazon Agent

Week 3 Quiz Answers

Q1. What requirement must you adhere to in order to deploy an AWS CloudHSM?

• Run the HSM in two regions
• Provision the HSM in a VPC
• Deploy an EBS volume for the HSM
• Call AWS Support first to enable it

Q2. What AWS KMS keys are used to encrypt and decrypt data in AWS?

• Customer master keys
• AWS master keys
• Seller recrypt keys
• User recrypt keys

Q3. How much data can you encrypt/decrypt using a Customer Master Key?

• Up to 4MB
• Up to 4TB
• Up to 1MB
• Up to 4KB

Quiz 2

Q1. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):

• unauthenticated server and client communication
• eavesdropping
• unauthorized alterations
• unauthorized copying

Q2. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?

• HTTPS
• T​LS
• X.509
• IPSec

Q3. How do you encrypt an existing unencrypted EBS volume?

• EBS volumes are encrypted at rest by default
• Enable Encryption by Default feature
• Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
• Enable encryption for EC2 instance, which will encrypt the attached EBS volumes

Q4. Can you encrypt just a subset of items in a DynamoDB table?

• ​Yes
• N​o

Q5. When you enable encryption for the RDS DB instance, what would not be encrypted?

• JBDC connection
• Transaction logs
• Automated backups
• Read Replicas
• Snapshots

Week 4 Quiz Answers

Q1. W​hich of the following are valid Pillars of the Well-Architected Framework? Choose two.

• Security
• I​infrastructure
• Cost Optimization
• Redundancy
• Speed

Q2. What language does Amazon Athena support?

• ​SQL
• J​ava
• C​++
• d​ogescript

Q3. What is the name of the model that shows how security is handled by AWS and its customers in the AWS Cloud?

• Cloud Security Model
• Role Based Model
• Shared Responsibility Model
• AWS Authentication Model

Q4. What AWS service is best suited for storing objects?

• Amazon Simple Storage Service
• Amazon Elastic Beanstalk
• Amazon DynamoDB
• Amazon Object Store

Q5. What AWS service can be used to manage multiple AWS accounts for consolidated billing?

• AWS Multiple-man
• AWS Account Manager
• AWS Billing
• AWS Organizations

Q6. What type of database is Amazon DynamoDB?

• Relational
• NoSQL
• OnlySQL
• Dynamic

Q7. What is a customer access endpoint?

• A customer token
• A signed code segment
• A URL entry point for a web service
• A websocket for customer connections

Refer Above Quizzes for End of Course Assessment Quiz Answers

AWS Cloud Technical Essentials

AWS Fundamentals: Addressing Security Risk

AWS Fundamentals: Migrating to the Cloud

AWS Fundamentals: Building Serverless Applications