Security

Question 1

CLI Access

Security

Answer 1

Access AWS services by command line

Security

Question 2

Use (3)

Security CLI Access

Answer 2

• Automation
• Running scripts
• Direct resource access

Security CLI Access

Question 3

Access keys

Security

Answer 3

Key ID and Secret key pair created for CLI Access

Security

Question 4

SDK

Security

Answer 4

Language specific APIs for application access

Security

Question 5

Systems supported (3)

Security SDK

Answer 5

• Programming languages (like JS, Python, .Net)
• Mobile SDKs
• IoT SDKs

Security SDK

Question 6

CloudShell

Security

Answer 6

Browser based shell that includes preloaded tools

Security

Question 7

File management

CloudShell

Answer 7

can upload, edit, and download files

CloudShell

Question 8

Default region

CloudShell

Answer 8

The current region you are browsing

CloudShell

Question 9

Shared Responsibility Model

Security

Answer 9

Both AWS and Customer have security and compliance responsibilities

Security

Question 10

Employees

AWS Responsibility

Answer 10

Access and training for Amazon employees

AWS Responsibility

Question 11

Physical

AWS Responsibility

Answer 11

data centers, hardware, and network

AWS Responsibility

Question 12

Updates

AWS Responsibility

Answer 12

patching of cloud infrastructure and services

AWS Responsibility

Question 13

Users (2)

Customer responsibility

Answer 13

• Training
• Least privilege access

Customer responsibility

Question 14

Data

Customer responsibility

Answer 14

security and encryption of data and code

Customer responsibility

Question 15

Configuration

Customer responsibility

Answer 15

OS, network, and firewall

Customer responsibility

Question 16

Updates

Customer responsibility

Answer 16

patching guest OS and custom applications

Customer responsibility

Question 17

Artifact

Compliance

Answer 17

self-service access to AWS agreements and compliance reports

Compliance

Question 18

GuardDuty

Compliance

Answer 18

Monitors accounts and workloads for malicious activity

Compliance

Question 19

Cognito

Security

Answer 19

provides user sign-up, sign-in, and access control for custom applications

Security

Question 20

Federation

Security

Answer 20

can federate with social and enterprise identity providers

Security

Question 21

Network ACL

Security

Answer 21

Security controls at the subnet level in a VPC

Security

Question 22

Traffic control

Network ACL

Answer 22

May allow or deny traffic based on conditions

Network ACL

Question 23

Default ACL

Network ACL

Answer 23

Allow all traffic

Network ACL

Question 24

VPN

Security

Answer 24

Encrypted tunnel over Internet into VPC

Security

Question 25

Endpoint options (2)

VPN

Answer 25

• Datacenter
• individual clients

VPN

Question 26

Service types

VPN

Answer 26

Site-to-site or client

VPN

Question 27

Shield

Security

Answer 27

Managed detection and mitigation of DDoS attacks

Security

Question 28

Macie

Security

Answer 28

Data leakage protection powered by ML

Security

Question 29

Data protected

Macie

Answer 29

personal information and intellectual property

Macie

Question 30

Anomaly detection

Macie

Answer 30

detects unusual activity

Macie

Question 31

Inspector

Security

Answer 31

Scans EC2 Instances for security vulnerabilities

Security

Question 32

Secrets Manager

Security

Answer 32

secure way to store credentials, API keys, tokens

Security

Question 33

Services integrated (3)

Secrets Manager

Answer 33

• RDS
• DynamoDB
• Redshift

Secrets Manager

Question 34

credential management feature

Secrets Manager

Answer 34

can auto-rotate credentials

Secrets Manager

Question 35

authorization

Secrets Manager

Answer 35

provides fine-grained access controls to secrets

Secrets Manager

Question 36

Access AWS services by command line

Security

Answer 36

CLI Access

Security

Question 37

• Automation
• Running scripts
• Direct resource access

Security CLI Access

Answer 37

Use (3)

Security CLI Access

Question 38

Key ID and Secret key pair created for CLI Access

Security

Answer 38

Access keys

Security

Question 39

Language specific APIs for application access

Security

Answer 39

SDK

Security

Question 40

• Programming languages (like JS, Python, .Net)
• Mobile SDKs
• IoT SDKs

Security SDK

Answer 40

Systems supported (3)

Security SDK

Question 41

Browser based shell that includes preloaded tools

Security

Answer 41

CloudShell

Security

Question 42

can upload, edit, and download files

CloudShell

Answer 42

File management

CloudShell

Question 43

The current region you are browsing

CloudShell

Answer 43

Default region

CloudShell

Question 44

Both AWS and Customer have security and compliance responsibilities

Security

Answer 44

Shared Responsibility Model

Security

Question 45

Access and training for Amazon employees

AWS Responsibility

Answer 45

Employees

AWS Responsibility

Question 46

data centers, hardware, and network

AWS Responsibility

Answer 46

Physical

AWS Responsibility

Question 47

patching of cloud infrastructure and services

AWS Responsibility

Answer 47

Updates

AWS Responsibility

Question 48

• Training
• Least privilege access

Customer responsibility

Answer 48

Users (2)

Customer responsibility

Question 49

security and encryption of data and code

Customer responsibility

Answer 49

Data

Customer responsibility

Question 50

OS, network, and firewall

Customer responsibility

Answer 50

Configuration

Customer responsibility

Question 51

patching guest OS and custom applications

Customer responsibility

Answer 51

Updates

Customer responsibility

Question 52

self-service access to AWS agreements and compliance reports

Compliance

Answer 52

Artifact

Compliance

Question 53

Monitors accounts and workloads for malicious activity

Compliance

Answer 53

GuardDuty

Compliance

Question 54

provides user sign-up, sign-in, and access control for custom applications

Security

Answer 54

Cognito

Security

Question 55

can federate with social and enterprise identity providers

Security

Answer 55

Federation

Security

Question 56

Security controls at the subnet level in a VPC

Security

Answer 56

Network ACL

Security

Question 57

May allow or deny traffic based on conditions

Network ACL

Answer 57

Traffic control

Network ACL

Question 58

Allow all traffic

Network ACL

Answer 58

Default ACL

Network ACL

Question 59

Encrypted tunnel over Internet into VPC

Security

Answer 59

VPN

Security

Question 60

• Datacenter
• individual clients

VPN

Answer 60

Endpoint options (2)

VPN

Question 61

• Site-to-site
• client

VPN

Answer 61

Service types (2)

VPN

Question 62

Managed detection and mitigation of DDoS attacks

Security

Answer 62

Shield

Security

Question 63

Data leakage protection powered by ML

Security

Answer 63

Macie

Security

Question 64

personal information and intellectual property

Macie

Answer 64

Data protected

Macie

Question 65

detects unusual activity

Macie

Answer 65

Anomaly detection

Macie

Question 66

Scans EC2 Instances for security vulnerabilities

Security

Answer 66

Inspector

Security

Question 67

secure way to store credentials, API keys, tokens

Security

Answer 67

Secrets Manager

Security

Question 68

• RDS
• DynamoDB
• Redshift

Secrets Manager

Answer 68

Services integrated (3)

Secrets Manager

Question 69

can auto-rotate credentials

Secrets Manager

Answer 69

credential management feature

Secrets Manager

Question 70

provides fine-grained access controls to secrets

Secrets Manager

Answer 70

authorization

Secrets Manager