Security and Compliance Flashcards

1
Q

A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional maintenance job of running timely assessments and checking for OS vulnerabilities. As a Cloud Practitioner, which service will you suggest for this use case?

A

Amazon Inspector

2
Q

A company wants to have control over creating and using its own keys for encryption on AWS services. Which of the following can be used for this use-case?

A

customer managed key (CMK)

3
Q

Which of the following AWS services has encryption enabled by default?

  • AWS CloudTrail Logs
  • Amazon Elastic Block Store (Amazon EBS)
  • Amazon Relational Database Service (Amazon RDS)
  • Amazon Elastic File System (Amazon EFS)
A

AWS CloudTrail Logs

4
Q

A company uses reserved EC2 instances across multiple units with each unit having its own AWS account. However, some of the units under-utilize their reserved instances while other units need more reserved instances. As a Cloud Practitioner, which of the following would you recommend as the most cost-optimal solution?

A

Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units

5
Q

A web application stores all of its data on Amazon S3 buckets. A client has mandated that data be encrypted before sending it to Amazon S3.

Which of the following is the right technique for encrypting data as needed by the customer?

A

Enable client-side encryption using AWS encryption SDK

6
Q

AWS Web Application Firewall (WAF) offers protection from common web exploits at which layer?

A

Layer 7

7
Q

A medical research startup wants to understand the compliance of AWS services concerning HIPAA guidelines. Which AWS service can be used to review the HIPAA compliance and governance-related documents on AWS?

A

AWS Artifact

8
Q

Which security service of AWS is enabled for all AWS customers, by default, at no additional cost?

A

AWS Shield Standard

9
Q

Which AWS Service can be used to mitigate a Distributed Denial of Service (DDoS) attack?

A

AWS Shield

10
Q

Under the AWS Shared Responsibility Model, which of the following is a shared responsibility of both AWS and the customer?

A

Configuration Management

11
Q

According to the AWS Shared Responsibility Model, which of the following are responsibilities of AWS? (Select two)

  • Creating S3 bucket policies for appropriate user access
  • Replacing faulty hardware of Amazon EC2 instances
  • Operating the infrastructure layer, the operating system and the platform for the Amazon S3 service
  • Enabling Multi Factor Authentication on AWS accounts in your organization
  • Creating IAM role for accessing Amazon EC2 instances

A
  • Replacing faulty hardware of Amazon EC2 instances
  • Operating the infrastructure layer, the operating system and the platform for the Amazon S3 service
12
Q

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources? (Select two)

  • Amazon API Gateway
  • Amazon Route 53
  • AWS CloudFormation
  • AWS Global Accelerator
  • AWS Elastic Beanstalk
A
  • Amazon Route 53
  • AWS Global Accelerator
13
Q

Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC? (Select two)

  • Amazon Elastic Compute Cloud (Amazon EC2)
  • Amazon Simple Queue Service (SQS)
  • Amazon Simple Notification Service (SNS)
  • Amazon Simple Storage Service (Amazon S3)
  • Amazon DynamoDB
A
  • Amazon Simple Storage Service (Amazon S3)
  • Amazon DynamoDB
14
Q

A cyber forensics team has detected that AWS-owned IP addresses are being used to carry out malicious attacks. As this constitutes prohibited use of AWS services, which of the following is the correct solution to address this issue?

A

Contact AWS Abuse Team

15
Q

Which of the following is a recommended way to provide programmatic access to AWS resources?

A

Use Access Key ID and Secret Access Key to access AWS resources programmatically

16
Q

An organization has a complex IT architecture involving a lot of system dependencies and it wants to track the history of changes to each resource. Which AWS service will help the organization track the history of configuration changes for all the resources?

A

AWS Config

17
Q

As per the AWS Shared Responsibility Model, which of the following is a responsibility of AWS from a security and compliance point of view?

A

AWS is responsible for security “of” the cloud. This covers their global infrastructure elements including Regions, Availability Zones (AZ), and Edge Locations.

18
Q

A social media company wants to protect its web application from common web exploits such as SQL injection and cross-site scripting. Which of the following AWS services can be used to address this use-case?

A

AWS Web Application Firewall (AWS WAF)

19
Q

According to the AWS Shared Responsibility Model, which of the following are responsibilities of the customer for Amazon RDS?

A

Database encryption

20
Q

An organization is planning to move its infrastructure from the on-premises datacenter to AWS Cloud. As a Cloud Practitioner, which options would you recommend so that the organization can identify the right AWS services to build solutions on AWS Cloud?

A
  • AWS Service Catalog
  • AWS Partner Network (APN)
21
Q

Which solutions can you use to connect your on-premises network with AWS Cloud?

A
  • AWS Direct Connect
  • AWS Virtual Private Network (VPN)
22
Q

An e-commerce company wants to assess its applications deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances for vulnerabilities and deviations from AWS best practices. Which AWS service can be used to facilitate this?

A

Amazon Inspector

23
Q

Access Key ID and Secret Access Key are tied to which of the following AWS Identity and Access Management (AWS IAM) entities?

A

IAM User

24
Q

Which AWS services can be used to prevent a Distributed Denial-of-Service (DDoS) attack?

A
  • AWS Shield
  • AWS Web Application Firewall (AWS WAF)
  • Amazon CloudFront with Amazon Route 53
25
Q

What foundational capability under the operations perspective is part of the AWS Cloud Adoption Framework (AWS CAF)?

A

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

26
Q

Due to regulatory and compliance reasons, an organization is supposed to use a hardware device for any data encryption operations in the cloud. Which AWS service can be used to meet this compliance requirement?

A

AWS CloudHSM (Hardware Security Module)

27
Q

As per the AWS Shared Responsibility Model, which of the following is a responsibility of the customer from a security and compliance point of view?

A

Managing patches of the guest operating system on Amazon Elastic Compute Cloud (Amazon EC2)