Module 6: Security Flashcards

1
Q

Are these tasks the responsibilities of customers or AWS?

  1. Configuring security groups on Amazon EC2 instances
  2. Maintaining network infrastructure
  3. Implementing physical security controls at data centers
  4. Patching software on Amazon EC2 instances
  5. Maintaining servers that run Amazon EC2 instances
  6. Setting permissions for Amazon S3 objects
A
  1. Customer
  2. AWS
  3. AWS
  4. Customer
  5. AWS
  6. Customer
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Name the AWS service that allows you to manage access to AWS services and resources securely?

A

AWS Identity and Access Management (IAM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does IAM stand for in the context of AWS security?

A) Identity and Authorization Management
B) Internet Access Monitoring
C) Integrated Application Management
D) Identity and Access Management

A

D) Identity and Access Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the primary purpose of AWS IAM?

A) To secure physical data centers.
B) To encrypt data in transit.
C) To manage access to AWS services and resources.
D) To monitor network traffic.

A

C) To manage access to AWS services and resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is an IAM user in AWS IAM?

A) A user who can access the internet from within the AWS network.
B) A user with administrative access to the AWS Management Console.
C) A virtual machine instance with full access to all AWS services.
D) An entity that represents a person or service that interacts with AWS resources.

A

D) An entity that represents a person or service that interacts with AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following statements about IAM policies is correct?

A) IAM policies are only used for encrypting data at rest.
B) IAM policies are applied to S3 buckets only.
C) IAM policies define permissions for users, groups, and roles.
D) IAM policies can be edited by all AWS users.

A

C) IAM policies define permissions for users, groups, and roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the purpose of an IAM role in AWS?

A) To restrict user access to specific IP addresses.
B) To assign administrative privileges to users.
C) To grant temporary permissions to AWS services or users.
D) To monitor network traffic for suspicious activity.

A

C) To grant temporary permissions to AWS services or users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A practitioner is configuring
service control policies
(SCPs) in AWS
Organizations. Which
identities and resources can
SCPs be applied to? (Select
TWO.)

A) AWS Identity and Access Management (IAM) users
B) AWS Identity and Access Management (IAM) groups
C) An individual member account
D) AWS Identity and Access Management (IAM) roles
E) An organizational unit (OU)

A

C) An individual member account
E) An organizational unit (OU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which tasks can be
completed in AWS Artifact?
(Select TWO.)

A) Access AWS compliance reports on demand.
B) Consolidate and manage multiple AWS accounts within a
central location.
C) Create users to allow people and applications to interact with AWS services and resources.
D) Set permissions for accounts by configuring service control policies (SCPs).
E) Review, accept, and manage agreements with AWS.

A

A) Access AWS compliance reports on demand.
E) Review, accept, and manage agreements with AWS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Match the AWS service to the correct description:

  1. Provides intelligent threat detections for AWS products and services.
  2. Offers encryption capabilities
  3. Provides protection against distributed denial of service (DDoS) attacks.
  4. Allows you to perform automated security assessments on your applications.

A. AWS Shield

B. AWS GuardDuty

C. Amazon Inspector

D. AWS Key Management Service (AWS KMS)

A
  1. B
  2. D
  3. A
  4. C
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which option describes an
AWS Identity and Access
Management (IAM) policy?

A) An authentication process that provides an extra layer of protection for an AWS account
B) A document that grants or denies permissions to AWS services and resources
C) An identity that a user can assume to gain temporary access to permissions
D) The identity that is established when a user first creates an AWS account

A

B) A document that grants or denies permissions to AWS services and resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An employee requires
temporary access to create
several Amazon S3 buckets.
Which option should be
used for this task?

A) AWS account root user
B) AWS Identity and Access Management (IAM) group
C) AWS Identity and Access Management (IAM) role
D) Service control policy (SCP)

A

C) AWS Identity and Access Management (IAM) role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following
descriptions best describes
the concept of least
privilege?

A) Adding an AWS Identity and Access Management (IAM) user into at least one IAM group
B) Granting only the permissions that are needed to perform specific job tasks
C) Checking a packet’s permissions against an access control list
D) Performing a denial of service attack that originates from at least one device

A

B) Granting only the permissions that are needed to perform specific job tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which service helps protect
your applications against
distributed denial of service
(DDoS) attacks?

A Amazon GuardDuty
B Amazon Inspector
C AWS Artifact
D AWS Shield

A

D) AWS Shield

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which task can AWS Key
Management Service (AWS
KMS) perform?

A) Configure multi-factor authentication (MFA)
B) Update the AWS account root user password
C) Create cryptographic keys
D) Assign permissions to users and groups

A

C) Create cryptographic keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly