5 - Securing Your AWS Resources

Question 1

Why is application and infrastructure security important in cloud deployments?

Answer 1

It is critically important to protect assets from catastrophic data breaches.

Question 2

What role does IAM play in AWS security?

Answer 2

IAM controls authentication and authorization for access to resources.

Question 3

What are the components of IAM that help manage access?

Answer 3

• Users
• Groups
• Roles
• Federated identities

Question 4

What is the recommended best practice for protecting the root user?

Answer 4

Create a complex password and implement multifactor authentication.

Question 5

What are the risks of using the root user for regular tasks?

Answer 5

Compromised root credentials can lead to data theft or unauthorized charges.

Question 6

What does multifactor authentication (MFA) add to account security?

Answer 6

A second layer of security requiring a temporary digital token.

Question 7

Fill in the blank: The _______ is the user identity generated when an AWS account is created.

Answer 7

root user

Question 8

What is the purpose of a password policy in IAM?

Answer 8

To enforce minimum complexity for all user passwords.

Question 9

True or False: Password expiration is recommended by recent security thinking.

Answer 9

False

Question 10

How can AWS users authenticate programmatic access?

Answer 10

Using access keys.

Question 11

What is the industry-standard tool for encrypting remote login sessions?

Answer 11

Secure Shell (SSH) protocol.

Question 12

What should you do with the private key of an SSH key pair?

Answer 12

Download it securely and avoid exposing it publicly.

Question 13

What is the principle of least privilege in IAM?

Answer 13

Assign only the permissions necessary for users to perform their tasks.

Question 14

What happens when you create a new IAM user?

Answer 14

You can assign specific permissions and access types.

Question 15

What is the benefit of using IAM groups?

Answer 15

To manage permissions for multiple users efficiently.

Question 16

How do IAM groups simplify permission management?

Answer 16

Users inherit permissions from the group they are attached to.

Question 17

What is a recommended action to take for the root user’s security?

Answer 17

Lock down the root user and use IAM users for daily tasks.

Question 18

What should you avoid when creating passwords?

Answer 18

Easy-to-guess passwords and password reuse.

Question 19

Fill in the blank: A strong password should include _______.

Answer 19

uppercase and lowercase characters, numbers, and symbols.

Question 20

What is the first step in protecting your root user?

Answer 20

Set a high-quality password.

Question 21

What is the function of access keys in AWS?

Answer 21

To authenticate programmatic and command-line access.

Question 22

When should access keys ideally be assigned?

Answer 22

To users with limited system access necessary for their jobs.

Question 23

What should be done with access keys associated with the root account?

Answer 23

Delete them.

Question 24

What is the process to create a new SSH key pair?

Answer 24

Select the Key Pairs link from the EC2 Dashboard.

Question 25

What can happen if the secret access key is exposed in plaintext?

Answer 25

It can lead to unauthorized access to your AWS account.

Question 26

What happens if you do not download the private SSH key after creating it?

Answer 26

You will not have access to it again.

Question 27

What is a recommended practice for IAM user creation?

Answer 27

Choose user names and attach appropriate permissions.

Question 28

What is the primary function of the AWS IAM service?

Answer 28

Identity and access management

Question 29

Which of the following are requirements you can include in an IAM password policy? (Choose three.)

Answer 29

* Require at least one uppercase letter. * Require at least one number. * Require at least one nonalphanumeric character.

Question 30

Which of the following should you do to secure your AWS root user? (Choose two.)

Answer 30

* Enable MFA. * Create a strong password.

Question 31

How does multifactor authentication work?

Answer 31

In addition to an access password, users also authenticate via a physical MFA device.

Question 32

Which SSH command will successfully connect to an EC2 Amazon Linux instance with an IP address of 54.7.35.103 using a key named mykey.pem?

Answer 32

ssh -i mykey.pem ec2-user@54.7.35.103

Question 33

What’s the most efficient method for managing permissions for multiple IAM users?

Answer 33

Assign users requiring similar permissions to IAM groups.

Question 34

What is an IAM role?

Answer 34

A set of permissions allowing access to specified AWS resources

Question 35

How can federated identities be incorporated into AWS workflows? (Choose two.)

Answer 35

* You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app. * You can use authenticated identities to import external data (like email records from Gmail) into AWS databases.

Question 36

What is the purpose of IAM groups?

Answer 36

To efficiently control resource access for large numbers of users with different access needs.

Question 37

What service manages encryption keys in AWS?

Answer 37

AWS Key Management Service (KMS)

Question 38

What does AWS Artifact provide?

Answer 38

Access to official documentation on the compliance of AWS infrastructure relating to various regulatory standards.

Question 39

What is the role of Amazon Inspector?

Answer 39

A security assessment service that helps users identify security vulnerabilities and deviations from security best practices in AWS resources.

Question 40

What does Amazon GuardDuty do?

Answer 40

Continuously monitors AWS accounts for suspicious activities and malicious behavior.

Question 41

What is the function of AWS Secrets Manager?

Answer 41

Helps protect and manage secrets, such as database credentials and API keys.

Question 42

What is AWS Cloud HSM used for?

Answer 42

To secure sensitive data by generating and deploying cryptographic keys.

Question 43

Fill in the blank: AWS provides a number of enterprise-strength _______ tools that are conveniently integrated into relevant services.

Answer 43

encryption

Question 44

True or False: IAM roles are primarily used by people.

Answer 44

False

Question 45

What is the key feature of AWS Resource Access Manager (AWS RAM)?

Answer 45

Allows you to share AWS resources with other AWS accounts within your organization.

Question 46

What does AWS Security Hub provide?

Answer 46

A comprehensive view of your security profile across all of your AWS accounts.

Question 47

What is the importance of a credential report in IAM?

Answer 47

Displays information about the state of your account security, including user login status and MFA enablement.

Question 48

How can you encrypt data in S3?

Answer 48

Using S3-managed server-side encryption keys (SSE-S3) or KMS-managed keys (SSE-KMS).

Question 49

What is the purpose of IAM users in AWS?

Answer 49

A set of IAM users given permission to access specified AWS resources

Question 50

What do permissions granted to a trusted entity over specified AWS resources allow?

Answer 50

Permissions granted a trusted entity over specified AWS resources

Question 51

Fill in the blank: Permissions granted an IAM user over specified AWS resources are called _______.

Answer 51

[IAM permissions]

Question 52

How can federated identities be incorporated into AWS workflows? (Choose two.)

Answer 52

* You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app. * You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.

Question 53

Which of the following are valid third-party federated identity standards? (Choose two.)

Answer 53

* SAML 2.0 * SSO

Question 54

What information does the IAM credential report provide? (Choose one.)

Answer 54

The current state of security of your IAM users’ access credentials

Question 55

What text format does the IAM credential report use?

Answer 55

CSV

Question 56

Which IAM policy is the best choice for the admin user created to replace the root user for day-to-day administration tasks?

Answer 56

AdministratorAccess

Question 57

What is required for a new IAM user who will use 'programmatic access' to AWS resources? (Choose one.)

Answer 57

An access key ID and secret access key

Question 58

What will IAM users with AWS Management Console access need to successfully log in? (Choose one.)

Answer 58

Their username and password

Question 59

Which of the following will encrypt your data while in transit between your office and Amazon S3?

Answer 59

SSE-KMS

Question 60

Which AWS resources cannot be encrypted using KMS?

Answer 60

Existing AWS Elastic Block Store volumes

Question 61

What does KMS use to encrypt objects stored on your AWS account?

Answer 61

KMS master key

Question 62

Which standard governs AWS-based applications processing credit card transactions?

Answer 62

PCI DSS

Question 63

What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?

Answer 63

They attest to AWS infrastructure compliance with data accountability standards like Sarbanes–Oxley.

Question 64

What role can the documents provided by AWS Artifact play in your application planning? (Choose two.)

Answer 64

* They can help you confirm that your deployment infrastructure is compliant with regulatory standards. * They can provide insight into various regulatory and industry standards that represent best practices.