Section 20: AWS Security and Encryption Flashcards

1
Q

To enable encryption in flight, we need to have
A) an HTTP endpoint with an SSL certificate
B) an HTTPS endpoint with an SSL certificate
C) a TCP endpoint

A

B) an HTTPS endpoint with an SSL certificate

Encryption in flight = HTTPS, and HTTPS cannot be enabled without an SSL certificate

2
Q

Server side encryption means that the data is sent encrypted to the server first
A) true
B) false

A

B) false

Server side encryption means the server will encrypt the data for us. We don’t need to encrypt it beforehand

3
Q

In server side encryption, only the encryption happens on the server. Where does the decryption happen?

A) The Server
B) The Client

A

A) The Server

In server side encryption, the decryption also happens on the server (in AWS, we wouldn’t be able to decrypt the data ourselves as we can’t have access to the corresponding encryption key)

4
Q

In client side encryption, the server must know our encryption scheme to accept the data
A) true
B) false

A

B) false

With client side encryption, the server does not need to know any information about the encryption being used, as the server won’t perform any encryption or decryption tasks

5
Q

We need to create User Keys in KMS before using the encryption features for EBS, S3, etc…
A) true
B) false

A

B) false

We can use the AWS Managed Service Keys in KMS; therefore, we don’t need to create our own keys

6
Q

We’d like our Lambda function to have access to a database password. We should
A) Embed in the code
B) Have it as a plaintext environment variable
C) Have it as an encrypted environment variable

A

C) Have it as an encrypted environment variable

This is the most secure solution amongst the options

7
Q

We would like to audit the values of an encryption value over time
A) We should use AWS KMS versioning feature
B) We should use S3
C) We should use SSM Parameter Store

A

C) We should use SSM Parameter Store

SSM Parameter Store has versioning and audit of values built-in directly

8
Q

Under the shared responsibility model, what are you responsible for in RDS?
A) Security Group Rules
B) OS patching
C) Database Patching
D) Underlying Hardware Security

A

A) Security Group Rules

These are configured by us, and we’ve done that extensively in the course

9
Q

Your user-facing website is a high-risk target for DDoS attacks and you would like to get 24/7 support in case they happen, as well as AWS bill reimbursement for the incurred costs during the attacks. What service should you use?
A) AWS Shield Advanced
B) AWS WAF
C) AWS Shield
D) AWS DDoS OpsTeam

A

A) AWS Shield Advanced

10
Q

You need an encryption service that supports asymmetric encryption schemes, and you want to manage the security keys yourself. Which service could you use?
A) CloudHSM
B) KMS
C) Parameter Store

A

A) CloudHSM
