AWS Fundamentals Addressing Security Risk Week 1 Quiz Answers

Q1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?

  • Transport Layer Protocol or TCP
  • Multi-factor Authentication or MFA
  • Iris Scan Service or ISS
  • Secure Bee Service or SBS

Q2. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?

  • AmazonDynamoDBFullAccess
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess
  • AWSLambdaDynamoDBExecutionRole

Q3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

  • Gemalto token
  • Blizzard Authenticator
  • YubiKey
  • Google Authenticator
  • AWS IoT button

Q4. What format is an Identity and Access Management policy document in?

  • XML
  • HTML
  • CSV
  • JSON

Q5. Which are valid options for interacting with your AWS account? Select all that apply.

  • Command Line Interface
  • Software Development Kit
  • Application Programming Interface
  • AWS Console

Quiz 2

Q1. Which solution below grants AWS Management Console access to a DevOps engineer?

  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create a user for the security engineer in AWS Cognito User Pool
  • Create an IAM user for the engineer and associate relevant IAM managed policies to this IAM user
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to these IAM roles

Q2. Which of these IAM policies cannot be updated by you?

  • managed policy
  • customer managed policy
  • inline policy
  • group policy

Q3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?

  • Amazon Cognito
  • IAM
  • AD Connector

Q4. What is the main difference between Cognito User Pool and Cognito Identity Pool?

  • User Pool cannot use public identity providers (e.g., Facebook, Amazon, …) while Identity Pool can
  • Identity Pools provide temporary AWS credentials
  • Only User Pools have a feature to enable MFA
  • User Pools support both authenticated and unauthenticated identities

Q5. How do you audit IAM users' access to your AWS accounts and resources?

  • Using CloudTrail to look at the API call and timestamp
  • Using CloudWatch event to notify you when an IAM user signs in
  • Using AWS Config to notify you when IAM resources are changed
  • Use Trusted Advisor to show a list of sign-in events from all users

AWS Fundamentals Addressing Security Risk Week 2 Quiz Answers

Q1. Which statement is true?

  • You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
  • By default, each instance that you launch into a nondefault subnet has a public IPv4 address
  • To use AWS Private Link, the VPC is required to have a NAT device
  • Traffic within an Availability Zone, or between Availability Zones in all Regions, is routed over the AWS private global network

Q2. What is a Security Group?

  • Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
  • Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
  • Control who in your organization has permission to create and manage VPC flow logs
  • Capture information about the IP traffic going to and from network interfaces in your VPC

Q3. How many types of VPC Endpoints are available?

  • Many. Each AWS Service will be supported by 1 type of VPC Endpoints
  • Two: Amazon S3 and DynamoDB
  • Two: Gateway Endpoint and Interface Endpoint
  • One: VPC

Q4. Which of these AWS resources cannot be monitored using VPC Flow logs?

  • VPC
  • A subnet in a VPC
  • A network interface attached to EC2
  • An Internet Gateway attached to VPC

Q5. You can route traffic to a NAT Gateway through:

  • Site-to-Site VPN connection
  • AWS Direct Connect
  • VPC Peering
  • None of the above

Quiz 2

Q1. What AWS service keeps a record of who is interacting with your AWS Account?

  • Amazon ServiceLog
  • Amazon Auditor
  • AWS AccountMonitor
  • AWS CloudTrail

Q2. Which of the following are monitoring and logging services available on AWS? Select all that apply.

  • AWS CloudWatch
  • AWS CloudLogger
  • Amazon Beehive
  • Amazon Config

Q3. Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?

  • Cost Transparency
  • Operational Excellence
  • Security
  • Fault Tolerance

Q4. If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?

  • AWS GuardDuty
  • Amazon ThreatDetector
  • Amazon S3
  • AWS DynamoDB

Q5. Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?

  • AWS Assessor
  • Amazon Inspector
  • AWS EC2Deploy
  • Amazon Agent

AWS Fundamentals Addressing Security Risk Week 3 Quiz Answers

Q1. What requirement must you adhere to in order to deploy an AWS CloudHSM?

  • Run the HSM in two regions
  • Provision the HSM in a VPC
  • Deploy an EBS volume for the HSM
  • Call AWS Support first to enable it

Q2. What AWS KMS keys are used to encrypt and decrypt data in AWS?

  • Customer master keys
  • AWS master keys
  • Seller recrypt keys
  • User recrypt keys

Q3. How much data can you encrypt/decrypt using a Customer Master Key?

  • Up to 4MB
  • Up to 4TB
  • Up to 1MB
  • Up to 4KB

Quiz 2

Q1. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):

  • unauthenticated server and client communication
  • eavesdropping
  • unauthorized alterations
  • unauthorized copying

Q2. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?

  • TLS
  • X.509
  • IPSec

Q3. How do you encrypt an existing unencrypted EBS volume?

  • EBS volumes are encrypted at rest by default
  • Enable Encryption by Default feature
  • Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
  • Enable encryption for EC2 instance, which will encrypt the attached EBS volumes

Q4. Can you encrypt just a subset of items in a DynamoDB table?

  • Yes
  • No

Q5. When you enable encryption for the RDS DB instance, what would not be encrypted?

  • JDBC connection
  • Transaction logs
  • Automated backups
  • Read Replicas
  • Snapshots

AWS Fundamentals Addressing Security Risk Week 4 Quiz Answers

Q1. Which of the following are valid Pillars of the Well-Architected Framework? Choose two.

  • Security
  • Infrastructure
  • Cost Optimization
  • Redundancy
  • Speed

Q2. What language does Amazon Athena support?

  • SQL
  • Java
  • C++
  • dogescript

Q3. What is the name of the model that shows how security is handled by AWS and its customers in the AWS Cloud?

  • Cloud Security Model
  • Role Based Model
  • Shared Responsibility Model
  • AWS Authentication Model

Q4. What AWS service is best suited for storing objects?

  • Amazon Simple Storage Service
  • Amazon Elastic Beanstalk
  • Amazon DynamoDB
  • Amazon Object Store

Q5. What AWS service can be used to manage multiple AWS accounts for consolidated billing?

  • AWS Multiple-man
  • AWS Account Manager
  • AWS Billing
  • AWS Organizations

Q6. What type of database is Amazon DynamoDB?

  • Relational
  • NoSQL
  • OnlySQL
  • Dynamic

Q7. What is a customer access endpoint?

  • A customer token
  • A signed code segment
  • A URL entry point for a web service
  • A websocket for customer connections

Refer to the Above Quizzes for End of Course Assessment Quiz Answers

