Module 6: Security

Question 1

Are these tasks the responsibilities of customers or AWS?

1. Configuring security groups on Amazon EC2 instances
2. Maintaining network infrastructure
3. Implementing physical security controls at data centers
4. Patching software on Amazon EC2 instances
5. Maintaining servers that run Amazon EC2 instances
6. Setting permissions for Amazon S3 objects

Answer 1

1. Customer
2. AWS
3. AWS
4. Customer
5. AWS
6. Customer

Question 2

Name the AWS service that allows you to manage access to AWS services and resources securely?

Answer 2

AWS Identity and Access Management (IAM)

Question 3

What does IAM stand for in the context of AWS security?

A) Identity and Authorization Management
B) Internet Access Monitoring
C) Integrated Application Management
D) Identity and Access Management

Answer 3

D) Identity and Access Management

Question 4

What is the primary purpose of AWS IAM?

A) To secure physical data centers.
B) To encrypt data in transit.
C) To manage access to AWS services and resources.
D) To monitor network traffic.

Answer 4

C) To manage access to AWS services and resources.

Question 5

What is an IAM user in AWS IAM?

A) A user who can access the internet from within the AWS network.
B) A user with administrative access to the AWS Management Console.
C) A virtual machine instance with full access to all AWS services.
D) An entity that represents a person or service that interacts with AWS resources.

Answer 5

D) An entity that represents a person or service that interacts with AWS resources.

Question 6

Which of the following statements about IAM policies is correct?

A) IAM policies are only used for encrypting data at rest.
B) IAM policies are applied to S3 buckets only.
C) IAM policies define permissions for users, groups, and roles.
D) IAM policies can be edited by all AWS users.

Answer 6

C) IAM policies define permissions for users, groups, and roles.

Question 7

What is the purpose of an IAM role in AWS?

A) To restrict user access to specific IP addresses.
B) To assign administrative privileges to users.
C) To grant temporary permissions to AWS services or users.
D) To monitor network traffic for suspicious activity.

Answer 7

C) To grant temporary permissions to AWS services or users.

Question 8

A practitioner is configuring
service control policies
(SCPs) in AWS
Organizations. Which
identities and resources can
SCPs be applied to? (Select
TWO.)

A) AWS Identity and Access Management (IAM) users
B) AWS Identity and Access Management (IAM) groups
C) An individual member account
D) AWS Identity and Access Management (IAM) roles
E) An organizational unit (OU)

Answer 8

C) An individual member account
E) An organizational unit (OU)

Question 9

Which tasks can be
completed in AWS Artifact?
(Select TWO.)

A) Access AWS compliance reports on demand.
B) Consolidate and manage multiple AWS accounts within a
central location.
C) Create users to allow people and applications to interact with AWS services and resources.
D) Set permissions for accounts by configuring service control policies (SCPs).
E) Review, accept, and manage agreements with AWS.

Answer 9

A) Access AWS compliance reports on demand.
E) Review, accept, and manage agreements with AWS.

Question 10

Match the AWS service to the correct description:

1. Provides intelligent threat detections for AWS products and services.
2. Offers encryption capabilities
3. Provides protection against distributed denial of service (DDoS) attacks.
4. Allows you to perform automated security assessments on your applications.

A. AWS Shield

B. AWS GuardDuty

C. Amazon Inspector

D. AWS Key Management Service (AWS KMS)

Answer 10

1. B
2. D
3. A
4. C

Question 11

Which option describes an
AWS Identity and Access
Management (IAM) policy?

A) An authentication process that provides an extra layer of protection for an AWS account
B) A document that grants or denies permissions to AWS services and resources
C) An identity that a user can assume to gain temporary access to permissions
D) The identity that is established when a user first creates an AWS account

Answer 11

B) A document that grants or denies permissions to AWS services and resources

Question 12

An employee requires
temporary access to create
several Amazon S3 buckets.
Which option should be
used for this task?

A) AWS account root user
B) AWS Identity and Access Management (IAM) group
C) AWS Identity and Access Management (IAM) role
D) Service control policy (SCP)

Answer 12

C) AWS Identity and Access Management (IAM) role

Question 13

Which of the following
descriptions best describes
the concept of least
privilege?

A) Adding an AWS Identity and Access Management (IAM) user into at least one IAM group
B) Granting only the permissions that are needed to perform specific job tasks
C) Checking a packet’s permissions against an access control list
D) Performing a denial of service attack that originates from at least one device

Answer 13

B) Granting only the permissions that are needed to perform specific job tasks

Question 14

Which service helps protect
your applications against
distributed denial of service
(DDoS) attacks?

A Amazon GuardDuty
B Amazon Inspector
C AWS Artifact
D AWS Shield

Answer 14

D) AWS Shield

Question 15

Which task can AWS Key
Management Service (AWS
KMS) perform?

A) Configure multi-factor authentication (MFA)
B) Update the AWS account root user password
C) Create cryptographic keys
D) Assign permissions to users and groups

Answer 15

C) Create cryptographic keys