Security Quiz Questions Flashcards

1
Q

Which of the below can be configured to enhance the security at the subnet level?

A. Virtual Private Cloud (VPC)

B. Configure transitive VPC Peering

C. NACL (Network Access Control List)

D. Security Group

A

C. NACL (Network Access Control List)

2
Q

Under the “Shared Responsibility Model”, which of the listed below is Customer’s Responsibility?

A. Hardware of the AWS underlying infrastructure

B. Client-side data encryption

C. Database of the AWS infrastructure

D. Networking of the AWS infrastructure

A

B. Client-side data encryption

2
Q

To make programmatic calls to AWS, a user was provided an access key ID and secret access key. However, the user has now forgotten the shared credentials and cannot make the required programmatic calls.

A. Use the “Forgot Password” Option

B. Use “Create New Access Key” by logging in to AWS Management Console as the root user

C. Credentials cannot be generated

D. Raise a ticket with AWS Support

A

B. Use “Create New Access Key” by logging in to AWS Management Console as the root user

3
Q

To enable an application on an EC2 instance to perform some actions, the developer needs to grant the application access to a few AWS resources. The developer plans to provide his credentials to the instance. However, as the developer’s credentials are long-term, the developer is looking for an alternative to reduce the security risk.

A. Use “IAM Roles”

B. Use “IAM Group”

C. Use “IAM Tags”

D. There is no alternate way. A developer needs to give his credentials and revoke access when the required action is done.

A

A. Use “IAM Roles”

4
Q

An application requires access to a database to retrieve certain information and this action would require the developer to hard-code the credentials.

Hard-coding the credentials is not a best practice. He can securely store encrypted credentials and retrieve them when required, eliminating the need for hard-coding credentials in the application. Which AWS service would you suggest to the developer?

A. AWS Secrets Manager

B. AWS Encryption SDK

C. AWS Security Hub

D. AWS Artifact

A

A. AWS Secrets Manager

5
Q

When provisioning a security certificate from AWS Certificate Manager (ACM), which of the following statements is true? Choose TWO

A. ACM-issued security certificate cannot be applied to an Application load balancer

B. To verify a security certificate, a CNAME record would need to be created.

C. Third-party security certificates cannot be applied to AWS resources.

D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice

E. A security certificate issued in ACM can only be applied to one AWS resource.

A

B. To verify a security certificate, a CNAME record would need to be created.

D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice

6
Q

An administrator would like VPCs in three different AWS accounts to access on-premise resources via VPN connection terminating on a Transit Gateway. Each of the VPCs is in distinct AWS regions. How can this be achieved?

A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource

B. Configure a Virtual Private Gateway (VGW) for each VPC and then extend the VPN tunnels to them.

C. Create VPC attachments from each of the VPCs to the Transit Gateway.

D. Configure VPC peering connections between the VPCs and then route traffic from on-premise through the VPN to the Transit Gateway and then to each VPC peer.

A

A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource

7
Q

An administrator receives an alert and detailed report regarding credit card information that has been erroneously updated by a user into one of the S3 buckets during an online questionnaire exercise for a survey. Which AWS service provided this detection and report?

A. Amazon Inspector

B. Amazon EventBridge

C. Amazon Detective

D. Amazon Macie

A

D. Amazon Macie

8
Q

During an audit process, an organization is advised by the audit committee to centrally manage all the VPC security groups and WAF rules across their AWS environment. Given that the organization has multiple AWS accounts, how can this be achieved?

A. AWS Identity & Access Management (IAM)

B. AWS Firewall Manager

C. Amazon Cloud Directory

D. AWS Security Hub

A

B. AWS Firewall Manager

9
Q

Which of the following statements accurately describe a function of AWS Secrets Manager? Select TWO.

A. Encrypts authentication information in code, ensuring that it is unreadable, that is, not in plain-text.

B. Replaces the need to hardcode authentication credentials in code.

C. Make it possible to include an API call in code that retrieves authentication information from a central repository

D. Automatically rotates and updates the code in the application build, ensuring that repositories are kept up to date.

E. Facilitate the embedding of authentication information in code during runtime.

A

B. Replaces the need to hardcode authentication credentials in code.

C. Make it possible to include an API call in code that retrieves authentication information from a central repository

10
Q

A client has decided to go for a MySQL RDS database on the AWS cloud based on its Scalability & High Availability features. When he does so, what role does he play in making the database secure?

A. He can restrict RDS access to the database by using a Security Group

B. He can provide the most recent updates of his database software installed on the EC2 Instance for preventing Security attacks.

C. He can provide the most recent versions of his Operating System on the EC2 instance for preventing Security attacks

D. He can Encrypt database data at rest by using EBS volume storage encryption

E. He can plan for backup & recovery strategies for data that may be lost.

A

A. He can restrict RDS access to the database by using a Security Group

E. He can plan for backup & recovery strategies for data that may be lost.

11
Q

I have a mobile app that needs to access AWS resources like S3, DynamoDB. What is the best way to allow users of the mobile app access to these AWS resources?

A. Keep the Security Credentials associated with the AWS resource access within the Mobile App

B. Use Security Token Service (STS) with Identity Federation that will allow a User access to resources within a session

C. Create Users & Groups within IAM and assign IAM policies for accessing the resources

D. Have the mobile app connect to another web application running on an EC2 instance that can assume a role to access the AWS resource

A

B. Use Security Token Service (STS) with Identity Federation that will allow a User access to resources within a session

12
Q

I have a compliance requirement for my application, stating that unrestricted SSH access to any EC2 instance needs to be immediately notified to an admin. Which services can I use to achieve the requirement?

A. AWS Trusted Advisor, Amazon SNS

B. AWS Inspector, Amazon SNS

C. AWS Config, Amazon SNS

D. Both B & C

A

D. Both B & C
