AWS Module 6 - Security

Question 2

What is the primary function of Amazon Inspector?

A) Identifying root AWS accounts
B) Automating security assessments
C) Monitoring network traffic
D) Configuring Web Application Firewall

Answer 2

B

Question 3

Which AWS service provides comprehensive threat detection for the AWS infrastructure?

A) AWS Artifact
B) Amazon Macie
C) Amazon Cloud Directory
D) Amazon GuardDuty

Answer 3

D

Question 4

What is the main purpose of AWS WAF (Web Application Firewall)?

A) Blocking specific IP addresses from accessing an AWS resource
B) Detecting and protecting against DDoS attacks
C) Performing automated security assessments
D) Providing compliance reports

Answer 4

A

Question 5

Which AWS service is used for centrally managing security alerts and compliance status across multiple AWS accounts?

A) AWS Secrets Manager
B) Amazon Detective
C) AWS Security Hub
D) AWS Audit Manager

Answer 5

C

Question 6

Which service collects log data from AWS resources for security investigations?

Answer 6

Amazon Detective

Question 7

What security service uses machine learning to protect sensitive data in AWS?

Answer 7

Amazon Macie

Question 8

Which service helps in continuous auditing of AWS usage for compliance purposes?

Answer 8

AWS Audit Manager

Question 9

Which service enables the use of hardware security modules (HSM) on the AWS Cloud?

Answer 9

AWS CloudHSM

Question 10

Which service centrally manages AWS WAF rules across accounts and applications?

Answer 10

AWS Firewall Manager

Question 11

What AWS service deploys essential network protections for VPCs?

Answer 11

AWS Network Firewall

Question 12

What service provides a comprehensive view of security alerts across AWS accounts?

Answer 12

AWS Security Hub

Question 13

What are the essential steps involved in the GuardDuty process?
A) Analyze, Remediate, Store
B) Detect, Monitor, Review
C) Enable, Analyze, Intelligently Detect, Review
D) Monitor, Deploy, Act

Answer 13

C

Question 14

What types of logs does GuardDuty analyze for threat detection in AWS environments?

Answer 14

C

Question 15

How can GuardDuty findings be acted upon if a threat is detected?
A) Automatically take remediation steps with AWS Lambda functions
B) Manually modify VPC security groups
C) Deploy additional network appliances
D) Escalate issues to AWS support team

Answer 15

A

Question 16

What is the role of the AWS account root user in IAM?
A) Complete access to all the AWS services and resources
B) Limited access to specific AWS services
C) Complete access to a few AWS services
D) No access to any AWS services

Answer 16

A

Question 17

What is the primary function of IAM policies in AWS?
A) Assigning users to groups
B) Providing complete access to AWS services
C) Enforcing the security principle of least privilege
D) Assigning roles to IAM users

Answer 17

C

Question 18

What defines an IAM group in AWS IAM?
A) A set of AWS resources
B) A collection of permissions
C) A collection of IAM users
D) A set of IAM policies

Answer 18

C

Question 19

How do IAM roles function in AWS IAM?
A) Long-term access to resources
B) Temporary access to permissions
C) Permanent access to services
D) Shared access among users

Answer 19

B

Question 20

What is the primary function of AWS Organizations in managing AWS accounts?
A) Monitor network activity
B) Consolidate and manage multiple AWS accounts
C) Automatically configure IAM roles
D) Maintain VPC security

Answer 20

B

Question 21

What is the purpose of the root in AWS Organizations?
A) To manage organizational units
B) To define service control policies
C) To serve as the parent container for all accounts
D) To create individual API actions

Answer 21

C

Question 22

How do Organizational Units (OUs) help in AWS Organizations?
A) They enforce SCPs on the entire AWS organization
B) They define policies for individual AWS services
C) They group accounts with similar business or security requirements
D) They monitor user access to AWS resources

Answer 22

C

Question 23

What happens when a policy is applied to an Organizational Unit (OU) in AWS Organizations?
A) It applies to all AWS accounts in the organization
B) It restricts access to individual API actions
C) It automatically configures SCPs for each account
D) It inherits permissions for all accounts in the OU

Answer 23

D

Question 24

How can SCPs be used in AWS Organizations?
A) To define IAM user permissions
B) To monitor network traffic
C) To isolate workloads into separate OUs
D) To restrict access to specific AWS services and resources

Answer 24

D

Question 25

What does AWS Artifact primarily offer access to?
A) On-demand access to security personnel
B) AWS security and compliance reports
C) AWS free-tier resources
D) Artifact creation tools

Answer 25

B

Question 26

What are the two main sections of AWS Artifact?
A) AWS Authorization and Compliance
B) AWS Security and Compliance
C) AWS Artifact Agreements and AWS Artifact Reports
D) AWS Audit and Agreement Reports

Answer 26

C

Question 27

What do AWS Artifact Reports provide?
A) Reports on AWS stock performance
B) On-demand cloud resources
C) Compliance reports from third-party auditors
D) Cloud migration strategy reports

Answer 27

C