Security

Question 1

CLI Access

Security

Answer 1

Access AWS services by command line

Security

Question 2

Use (3)

Security CLI Access

Answer 2

• Automation
• Running scripts
• Direct resource access

Security CLI Access

Question 3

Access keys

Security

Answer 3

Key ID and Secret key pair created for CLI Access

Security

Question 4

SDK

Security

Answer 4

Language specific APIs for application access

Security

Question 5

Systems supported (3)

Security SDK

Answer 5

• Programming languages (like JS, Python, .Net)
• Mobile SDKs
• IoT SDKs

Security SDK

Question 6

CloudShell

Security

Answer 6

Browser based shell that includes preloaded tools

Security

Question 7

File management

CloudShell

Answer 7

can upload, edit, and download files

CloudShell

Question 8

Default region

CloudShell

Answer 8

The current region you are browsing

CloudShell

Question 9

Shared Responsibility Model

Security

Answer 9

Both AWS and Customer have security and compliance responsibilities

Security

Question 10

Employees

AWS Responsibility

Answer 10

Access and training for Amazon employees

AWS Responsibility

Question 11

Physical

AWS Responsibility

Answer 11

data centers, hardware, and network

AWS Responsibility

Question 12

Updates

AWS Responsibility

Answer 12

patching of cloud infrastructure and services

AWS Responsibility

Question 13

Users (2)

Customer responsibility

Answer 13

• Training
• Least privilege access

Customer responsibility

Question 14

Data

Customer responsibility

Answer 14

security and encryption of data and code

Customer responsibility

Question 15

Configuration

Customer responsibility

Answer 15

OS, network, and firewall

Customer responsibility

Question 16

Updates

Customer responsibility

Answer 16

patching guest OS and custom applications

Customer responsibility

Question 17

Artifact

Compliance

Answer 17

self-service access to AWS agreements and compliance reports

Compliance

Question 18

GuardDuty

Compliance

Answer 18

Monitors accounts and workloads for malicious activity

Compliance

Question 19

Cognito

Security

Answer 19

provides user sign-up, sign-in, and access control for custom applications

Security

Question 20

Federation

Security

Answer 20

can federate with social and enterprise identity providers

Security

Question 21

Network ACL

Security

Answer 21

Security controls at the subnet level in a VPC

Security

Question 22

Traffic control

Network ACL

Answer 22

May allow or deny traffic based on conditions

Network ACL

Question 23

Default ACL

Network ACL

Answer 23

Allow all traffic

Network ACL

Question 24

VPN

Security

Answer 24

Encrypted tunnel over Internet into VPC

Security

Question 25

Endpoint options (2) | VPN

Answer 25

* Datacenter * individual clients | VPN

Question 26

Service types | VPN

Answer 26

Site-to-site or client | VPN

Question 27

Shield | Security

Answer 27

Managed detection and mitigation of DDoS attacks | Security

Question 28

Macie | Security

Answer 28

Data leakage protection powered by ML | Security

Question 29

Data protected | Macie

Answer 29

personal information and intellectual property | Macie

Question 30

Anomaly detection | Macie

Answer 30

detects unusual activity | Macie

Question 31

Inspector | Security

Answer 31

Scans EC2 Instances for security vulnerabilities | Security

Question 32

Secrets Manager | Security

Answer 32

secure way to store credentials, API keys, tokens | Security

Question 33

Services integrated (3) | Secrets Manager

Answer 33

* RDS * DynamoDB * Redshift | Secrets Manager

Question 34

credential management feature | Secrets Manager

Answer 34

can auto-rotate credentials | Secrets Manager

Question 35

authorization | Secrets Manager

Answer 35

provides fine-grained access controls to secrets | Secrets Manager

Question 36

Access AWS services by command line | Security

Answer 36

CLI Access | Security

Question 37

* Automation * Running scripts * Direct resource access | Security CLI Access

Answer 37

Use (3) | Security CLI Access

Question 38

Key ID and Secret key pair created for CLI Access | Security

Answer 38

Access keys | Security

Question 39

Language specific APIs for application access | Security

Answer 39

SDK | Security

Question 40

* Programming languages (like JS, Python, .Net) * Mobile SDKs * IoT SDKs | Security SDK

Answer 40

Systems supported (3) | Security SDK

Question 41

Browser based shell that includes preloaded tools | Security

Answer 41

CloudShell | Security

Question 42

can upload, edit, and download files | CloudShell

Answer 42

File management | CloudShell

Question 43

The current region you are browsing | CloudShell

Answer 43

Default region | CloudShell

Question 44

Both AWS and Customer have security and compliance responsibilities | Security

Answer 44

Shared Responsibility Model | Security

Question 45

Access and training for Amazon employees | AWS Responsibility

Answer 45

Employees | AWS Responsibility

Question 46

data centers, hardware, and network | AWS Responsibility

Answer 46

Physical | AWS Responsibility

Question 47

patching of cloud infrastructure and services | AWS Responsibility

Answer 47

Updates | AWS Responsibility

Question 48

* Training * Least privilege access | Customer responsibility

Answer 48

Users (2) | Customer responsibility

Question 49

security and encryption of data and code | Customer responsibility

Answer 49

Data | Customer responsibility

Question 50

OS, network, and firewall | Customer responsibility

Answer 50

Configuration | Customer responsibility

Question 51

patching guest OS and custom applications | Customer responsibility

Answer 51

Updates | Customer responsibility

Question 52

self-service access to AWS agreements and compliance reports | Compliance

Answer 52

Artifact | Compliance

Question 53

Monitors accounts and workloads for malicious activity | Compliance

Answer 53

GuardDuty | Compliance

Question 54

provides user sign-up, sign-in, and access control for custom applications | Security

Answer 54

Cognito | Security

Question 55

can federate with social and enterprise identity providers | Security

Answer 55

Federation | Security

Question 56

Security controls at the subnet level in a VPC | Security

Answer 56

Network ACL | Security

Question 57

May allow or deny traffic based on conditions | Network ACL

Answer 57

Traffic control | Network ACL

Question 58

Allow all traffic | Network ACL

Answer 58

Default ACL | Network ACL

Question 59

Encrypted tunnel over Internet into VPC | Security

Answer 59

VPN | Security

Question 60

* Datacenter * individual clients | VPN

Answer 60

Endpoint options (2) | VPN

Question 61

* Site-to-site * client | VPN

Answer 61

Service types (2) | VPN

Question 62

Managed detection and mitigation of DDoS attacks | Security

Answer 62

Shield | Security

Question 63

Data leakage protection powered by ML | Security

Answer 63

Macie | Security

Question 64

personal information and intellectual property | Macie

Answer 64

Data protected | Macie

Question 65

detects unusual activity | Macie

Answer 65

Anomaly detection | Macie

Question 66

Scans EC2 Instances for security vulnerabilities | Security

Answer 66

Inspector | Security

Question 67

secure way to store credentials, API keys, tokens | Security

Answer 67

Secrets Manager | Security

Question 68

* RDS * DynamoDB * Redshift | Secrets Manager

Answer 68

Services integrated (3) | Secrets Manager

Question 69

can auto-rotate credentials | Secrets Manager

Answer 69

credential management feature | Secrets Manager

Question 70

provides fine-grained access controls to secrets | Secrets Manager

Answer 70

authorization | Secrets Manager