AWS SECURITY FUNDAMENTALS ANSWERS
AWS SECURITY FUNDAMENTALS
Which AWS
service manages authentication from social sign-in providers for mobile
applications?
Amazon
Cognito
AWS Secrets
Manager
AWS
Organizations
AWS IAM
Which of the
statements below provides an example of how AWS helps customers meet their
security and compliance needs?
AWS audits
and certifies a customer’s environment.
AWS provides
accreditations to customers.
AWS assists
customers in integrating their existing control frameworks.
AWS allows
customers to automatically achieve compliance.
What can be
used to troubleshoot network issues, including traffic going into and out of
your instances?
AWS Config
logs
VPC flow logs
Amazon S3
server access logs
AWS
CloudTrail logs
Which
statement below is performed by AWS as an example regarding security OF the
cloud?
Enabling
encryption on certain Amazon EBS volumes
Enforcing the
principle of least privilege for S3 buckets
Performing
patch software updates at the OS layer
Decommissioning
storage devices according to NIST 800-88
Where can you
find account activity information on API calls performed via the AWS Management
Console or the AWS CLI?
Amazon
CloudFront access logs
Amazon
CloudWatch Logs
Amazon S3
server access logs
AWS
CloudTrail logs
Which feature
helps secure your Amazon VPC resources by providing isolation at the subnet
level?
VPN
connectivity
Network ACLs
Security
groups
VPC peering
Which AWS
services below can be used in tandem to help protect against DDoS attacks?
Select THREE.
·
AWS KMS
·
AWS CloudFormation
·
Amazon Route 53
·
AWS Shield
·
Amazon CloudFront
Which
statement is true regarding the AWS Well-Architected Tool?
It identifies next steps for
improvements for a fixed monthly fee.
It automatically remediates
vulnerabilities in your workload.
It provides information on potential
risks in your workload.
It allows you to annually review your
workloads during a predefined time period.
Which
statement is true when describing your AWS account root user credentials?
They should be used for everyday
access.
They should be used for temporary
access to your account.
They provide root-level access to
your Amazon EC2 instances.
They provide unrestricted access to
your AWS account resources.
Which
AWS service feature helps secure your Amazon VPC resources by providing
isolation at the instance level?
Network ACLs
Correctly unselected
Security groups
Correctly selected
VPN connectivity
Correctly unselected
VPC peering
Which
AWS services/features can be used to provide data protection at rest and in
transit? Select THREE.
VPN
connectivity
AWS
KMS
AWS Certificate Manager
Network
ACLs
MFA authentication
How can AWS CloudFormation be used in
an incident response solution?
Removing compromised instances from an auto scaling
group
Deploying pre-configured instances for forensics
analysis
Generating reports of findings for basic forensics
Coordinating different services via a serverless
workflow
What
type of AWS credentials is required to SSH directly into an Amazon EC2
instance?
EC2 key pairs
Correctly selected
AWS account username and password
Correctly unselected
AWS IAM username and password
Correctly unselected
MFA tokens
Which
statement is true regarding Amazon S3 default (SSE-S3) server-side encryption?
Data is encrypted using a
customer-provided AWS KMS key.
Data is encrypted by the client
before being sent to Amazon S3.
Amazon S3 generates and manages the
encryption keys.
Users must provide the encryption
keys.
Which
statements below correctly describe the AWS global infrastructure? Select TWO.
- Availability Zones consist of one or more data
centers.
- Regions have geographically dispersed
Availability Zones.
- Edge locations are linked to Availability
Zones.
- An AWS Region consists of only one
Availability Zone.
- All regions have the same number of
Availability Zones.
Comments
Post a Comment