AWS Fundamentals: Addressing Security Risk

AWS Fundamentals: Addressing Security Risk | Quiz Answers

  • Post comments:0 Comments
  • Reading time:6 mins read

AWS Fundamentals: Addressing Security Risk

Week 1 Quiz 1

Q1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?

  • T​ransport Layer Protocol or TCP
  • M​ult-factor Authentication or MFA
  • I​ris Scan Service or ISS
  • S​cure Bee Service or SBS

Q2. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?

  • AmazonDynamoDBFullAccess
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess
  • AWSLambdaDynamoDBExecutionRole

Q3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

  • Gemalto token
  • Blizzard Authenticator
  • yubiKey
  • Google Authenticator
  • AWS IoT button

Q4. What format is an Identity and Access Management policy document in?

  • X​ML
  • H​TML
  • C​SV
  • J​SON

Q5. Which are valid options for interacting with your AWS account? Select all that apply.

  • Command Line Interface
  • Software Development Kit
  • Application Programming Interface
  • AWS Console

Week 1 Quiz 2

Q1. Which solution below grants AWS Management Console access to a DevOps engineer?

  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create a user for the security engineer in AWS Cognito User Pool
  • Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user  
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles 

Q2. Which of these IAM policies cannot be updated by you?

  • managed policy
  • customer managed policy
  • inline policy
  • group policy

Q3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?

  • Amazon Cognito
  • AWS SSO
  • I​AM
  • A​D Connector

Q4. What is the main difference between Cognito User Pool and Cognito Identity Pool?

  • User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can
  • Identity Pools provide temporary AWS credentials
  • Only User Pools has feature to enable MFA
  • User Pools support both authenticated and unauthenticated identities

Q5. How do you audit IAM user’s access to your AWS accounts and resources?

  • Using CloudTrail to look at the API call and timestamp
  • Using CloudWatch event to notify you when an IAM user sign in
  • Using AWS Config to notify you when IAM resources are changed
  • Use Trusted Advisor to show a list of sign in events from all users

Week 2 Quiz 1

Q1. Which statement is true?

  • You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
  • By default, each instance that you launch into a nondefault subnet has a public IPv4 address
  • To use AWS Private Link, the VPC is required to have a NAT device
  • Traffics within an Availability Zone, or between Availability Zones in all Regions, are routed over the AWS private global network

Q2. W​hat is a Security Group?

  • Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
  • Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
  • Control who in your organization has permission to create and manage VPC flow logs
  • Capture information about the IP traffic going to and from network interfaces in your VPC

Q3. How many types of VPC Endpoints are available?

  • Many. Each AWS Service will be supported by 1 type of VPC Endpoints
  • Two: Amazon S3 and DynamoDB
  • Two: Gateway Endpoint and Interface Endpoint
  • One: VPC

Q4. Which of these AWS resources cannot be monitored using VPC Flow logs?

  • V​PC
  • A​ subnet in a VPC
  • A network interface attached to EC2
  • An Internet Gateway attached to VPC

Q5. You can route traffic to a NAT Gateway through:

  • Site-to-Site VPN connection
  • AWS Direct Connect
  • VPC Peering
  • None of the above

Week 2 Quiz 2

Q1. What AWS Services keeps a record of who is interacting with your AWS Account?1 point

  • Amazon ServiceLog
  • Amazon Auditor
  • AWS AccountMonitor
  • AWS CloudTrail

Q2. Which of the following are monitoring and logging services available on AWS? Select all that apply.

  • AWS CloudWatch
  • AWS CloudLogger
  • Amazon Beehive
  • Amazon Config

Q3. Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?

  • Cost Transparency
  • Operational Excellence
  • Security
  • Fault Tolerance

Q4. If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?

  • AWS GuardDuty
  • Amazon ThreatDetector
  • Amazon S3
  • AWS DynamoDB

Q5. Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?

  • AWS Assessor
  • Amazon Inspector
  • AWS EC2Deploy
  • Amazon Agent

Week 3 Quiz 1

Q1. What requirement must you adhere to in order to deploy an AWS CloudHSM?

  • Run the HSM in two regions
  • Provision the HSM in a VPC
  • Deploy an EBS volume for the HSM
  • Call AWS Support first to enable it

Q2. What AWS KMS keys are used to encrypt and decrypt data in AWS?

  • Customer master keys
  • AWS master keys
  • Seller recrypt keys
  • User recrypt keys

Q3. How much data can you encrypt/decrypt using a Customer Master Key?

  • Up to 4MB
  • Up to 4TB
  • Up to 1MB
  • Up to 4KB

Week 3 Quiz 2

Q1. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):

  • unauthenticated server and client communication
  • eavesdropping
  • unauthorized alterations
  • unauthorized copying

Q2. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?

  • HTTPS
  • T​LS
  • X.509
  • IPSec

Q3. How do you encrypt an existing unencrypted EBS volume?

  • EBS volumes are encrypted at rest by default
  • Enable Encryption by Default feature
  • Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
  • Enable encryption for EC2 instance, which will encrypt the attached EBS volumes

Q4. Can you encrypt just a subset of items in a DynamoDB table?

  • ​Yes
  • N​o

Q5. When you enable encryption for the RDS DB instance, what would not be encrypted?

  • JBDC connection
  • Transaction logs
  • Automated backups
  • Read Replicas
  • Snapshots

Week 4 Quiz

Q1. W​hich of the following are valid Pillars of the Well-Architected Framework? Choose two.

  • Security
  • I​infrastructure
  • Cost Optimization
  • Redundancy
  • Speed

Q2. What language does Amazon Athena support?

  • ​SQL
  • J​ava
  • C​++
  • d​ogescript

Q3. What is the name of the model that shows how security is handled by AWS and its customers in the AWS Cloud?

  • Cloud Security Model
  • Role Based Model
  • Shared Responsibility Model
  • AWS Authentication Model

Q4. What AWS service is best suited for storing objects?

  • Amazon Simple Storage Service
  • Amazon Elastic Beanstalk
  • Amazon DynamoDB
  • Amazon Object Store

Q5. What AWS service can be used to manage multiple AWS accounts for consolidated billing?

  • AWS Multiple-man
  • AWS Account Manager
  • AWS Billing
  • AWS Organizations

Q6. What type of database is Amazon DynamoDB?

  • Relational
  • NoSQL
  • OnlySQL
  • Dynamic

Q7. What is a customer access endpoint?

  • A customer token
  • A signed code segment
  • A URL entry point for a web service
  • A websocket for customer connections

Refer Above Quizzes for End of Course Assessment Quiz Answers

More Quiz Answers

AWS Cloud Technical Essentials | Quiz Answers

Enroll in this Course

Leave a Reply