AWS Quest 4 Test

Question 1

Which of the following are characteristics of network ACL’s?

Answer 1

1. They evaluate a list of rules to determine access, where lower number rules have precedent over higher numbers
2. They can explicitly block IP addresses
3. They are stateless

Question 2

True or False: If your EC2 instance wants to send a request to a websites port 80 to request their website, the outbound port used to initiate that request from your EC2 will also be port 80

Answer 2

false

Question 3

If you needed to set up secure communication for multiple remote locations, which service would allow this?

Answer 3

VPC CloudHub

Question 4

If you wanted to establish private communication over the AWS network from an EC2 and an AWS service, you can:
Group of answer choices

Answer 4

Create a VPC endpoint between the EC2 and the network load balancer in front of the AWS service

Question 5

If your EC2 instance attempts to send a request to the internet and the request fails, the cause is likely due to:

Answer 5

The ephemeral outbound ports being closed

Question 6

True or False: If VPC A is peered with VPC B, and VPC B is peered with VPC C, then VPC A can communicate with VPC C

Answer 6

false

Question 7

If you wanted to allow direct communication from another user’s VPC to one of your EC2 instances in your own VPC, what service can you use to enable this?

Answer 7

VPC Private Link

Question 8

You work for an organization that uses AWS for their cloud infrastructure. Occasionally, developers need to connect to EC2 instances in order to perform routine work and maintenance. How should your developers connect?

Answer 8

Developers should use their personal access keys to connect to a bastion host

Question 9

A new AWS professional created an EC2 instance for a short, 1 week demo. Anticipated running cost for this instance was about 1 dollar a day. At the end of the week, the total costs for the instance exceeds $500. What could have happened?

Answer 9

The instance was not properly secured and got DDoS attacked

Question 10

What can a WAF do that the other firewall options can not?

Answer 10

Detect and protect against common attacks

Question 11

True or False: VPC flow logs allow you to see the to and from IP address as well as which ports are used for communication across a VPC, Subnet, or ENI
Group of answer choices

Answer 11

true

Question 12

Which of the following allows you to browse and purchase software from vendors?

Answer 12

AWS Marketplace

Question 13

True or False: Lambda functions can invoke one or more other lambda functions

Answer 13

True

Question 14

Amazon Kinesis ____ uses sharding to temporarily store data until it’s waiting to be processed

Answer 14

Streams

Question 15

What is the purpose of the service Fargate?

Answer 15

Fargate offers serverless compute for containers and clusters

Question 16

What is SES capable of that SNS can not do? (select all that apply)

Answer 16

CORRECT

1. Support email authentication and analytics
2. Support custom email headers
3. Support multimedia messages

Question 17

True or false: Users must subscribe to SES emails in order to receive them

Answer 17

false

Question 18

As businesses scale, keeping a consistent configuration of resources being created by team members becomes increasingly difficult. Which of the following services can audit and monitor deviations from established configurations?

Answer 18

AWS Config

Question 19

Automating security analysis can be a very complex task that must adapt to an ever changing cloud environment. Which of the following services will automatically assess security to make sure best practices are upheld, and generate a report organized by severity level?

Answer 19

AWS Inspector

Question 20

Which AWS support plan comes with a technical account manager?

Answer 20

Enterprise support plan

Question 21

What is the least expensive support plan that will offer general guidance and assistance when systems are impaired?

Answer 21

Developer support plan

Question 22

Which of the five pillars is described by “The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures”

Answer 22

Operational Excellence

Question 23

Which of the following is AWS responsible for securing / maintaining?

Answer 23

1. The hardware that the cloud is comprised of
2. The physical security of the global infrastructure
3. The network
4. The provided software