Quiz - Chapter 17 - Security

Question 1

What does DDoS stand for?

Answer 1

Distributed Denial of Service

Question 2

What is the easiest way to ensure your CloudTrail logs haven’t been tampered with?

Answer 2

Enable log file validation in your trail

CloudTrail offers this as a feature, but you must enable it.

Question 3

Which of the following is NOT a data source for GuardDuty?

Answer 3

RDS Event History

GuardDuty would not be able to monitor this

Question 4

What service does Macie monitor once you’ve enabled it?

Answer 4

S3

Question 5

What is the best way to deliver content from an S3 bucket that only allows users to view content for a set period of time?

Answer 5

Create a presigned URL using S3

Presigned URLs would allow you to restrict the length of time the content can be viewed

Question 6

What is the easiest way to log API calls in AWS?

Answer 6

CloudTrail is the best way to log API calls in AWS

Question 7

Your boss requires automatic key rotation for your encrypted data. Which AWS service supports this?

Answer 7

KMS

Question 8

True or False? AWS Shield Advanced provides access to a 24/7 support team to help with DDoS issues.

Answer 8

TRUE

Question 9

True or False? You must explicitly deny all API calls that a user shouldn’t be able to make.

Answer 9

FALSE

All calls are denied by default and must be allowed

Question 10

What three components are required in all IAM policy documents?

Answer 10

Effect, Action, and Resource are the only required parts