Identity & Access Management
Compliance
Security Services
Best Practices
Misc. Security
100

Which AWS service is used to enable multi-factor authentication (MFA)?

A. AWS KMS

B. Amazon EC2

C. AWS IAM

D. AWS STS

C. AWS IAM

100

Which statement best describes the principle of least privilege?

A. Adding an IAM user into at least one IAM group

B. Checking a packet's permissions against an access control list

C. Granting only the permissions that are needed to perform specific tasks

D. Performing a denial of service attack that originates from at least one device

C. Granting only the permissions that are needed to perform specific tasks

100

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

A. Amazon GuardDuty

B. Amazon Inspector

C. AWS Artifact

D. AWS Shield

D. AWS Shield

100

Under the AWS shared responsibility model, which tasks are the responsibility of the customer?

A. Maintaining network infrastructure

B. Patching software on Amazon EC2 instances

C. Implementing physical security controls at data centers

D. Setting permissions for Amazon S3 objects

E. Maintaining servers that run Amazon EC2 instances

B. Patching software on Amazon EC2 instances

D. Setting permissions for Amazon S3 objects

100

What do you need to log in to the AWS Management Console?

A. Key pair

B. User name and password

C. Access key ID and secret access key

D. Certificate

B. User name and password

200

Which IAM entity can be used for assigning permissions to AWS services?

A. IAM Access Key ID and Secret Access Key

B. IAM Role

C. IAM Policy

D. Security Token Service (STS)

B. IAM Role

200

Which of the following compliance programs allows the AWS environment to process, maintain, and store protected health information?

A. PCI DSS

B. ISO 27001

C. HIPAA

D. SOC 1

C. HIPAA

200

Which AWS service lets you add user sign-up, sign-in, and access control to web and mobile apps?

A. AWS Directory Service

B. AWS CloudHSM

C. Amazon Cognito

D. AWS Artifact

C. Amazon Cognito

200

Which of the following is NOT a best practice for protecting the root user of an AWS account?

A. Don't share the root user credentials

B. Enable MFA

C. Lock away the AWS root user access keys

D. Remove administrative permissions

D. Remove administrative permissions

200

Which AWS service uses a highly secure hardware storage device to store encryption keys?

A. Amazon Cloud Directory

B. AWS CloudHSM

C. AWS IAM

D. AWS WAF

B. AWS CloudHSM

300

Which of the following should be used to improve the security of access to the AWS Management Console?

A. Strong password policies

B. AWS Certificate Manager

C. Security group rules

D. AWS Secrets Manager

E. AWS Multi-Factor Authentication

A. Strong password policies

E. AWS Multi-Factor Authentication

300

What is the name of the online, self-service portal that AWS provides to enable customers to view reports, such as PCI reports, and accept agreements?

A. AWS DocuFact

B. AWS Artifact

C. AWS Compliance Portal

D. AWS Documentation Portal

B. AWS Artifact

300

How can a security compliance officer retrieve AWS compliance documentation such as a SOC 2 report?

A. Using Amazon Inspector

B. Using the AWS Personal Health Dashboard

C. Using AWS Artifact

D. Using AWS Trusted Advisor

C. Using AWS Artifact

300

When storing sensitive company data in Amazon S3, which security best practices should customers follow?

A. Enable requester pays to reduce costs

B. Enable AWS WAF to restrict access to the bucket

C. Enable cross-Region replication on the S3 bucket

D. Enable S3 server-side encryption on the S3 bucket

D. Enable S3 server-side encryption on the S3 bucket

300

How can an organization keep track of resource inventory and configuration history for the purpose of security and regulatory compliance?

A. Create an AWS CloudTrail trail

B. Run a report with AWS Artifact

C. Implement Amazon GuardDuty

D. Configure AWS Config with the resource types

D. Configure AWS Config with the resource types

400

The AWS IAM service can be used to manage which objects?

A. Security Groups

B. Access Policies

C. Network ACLs

D. Roles

E. Key Pairs

B. Access Policies

D. Roles

400

Which AWS security tool uses an agent installed on Amazon EC2 instances to assess applications for vulnerabilities and deviations from best practices?

A. Amazon Inspector

B. AWS TCO Calculator

C. AWS Personal Health Dashboard

D. AWS Trusted Advisor

A. Amazon Inspector

400

A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?

A. AWS Shield

B. AWS KMS

C. Amazon Inspector

D. Amazon GuardDuty

D. Amazon GuardDuty

400

AWS Trusted Advisor provides real-time guidance on what characteristics of an AWS account?

A. Security best practices

B. Application performance

C. Network utilization

D. Cost optimization

E. Application configuration

A. Security best practices

D. Cost optimization

400

A company is using the AWS CLI and programmatic access to AWS resources from its on-premises network. What is a mandatory requirement in this scenario?

A. Using Amazon API Gateway

B. Using an AWS access key and a secret key

C. Using an Amazon EC2 key pair

D. Using an AWS Direct Connect connection

B. Using an AWS access key and a secret key

500

A new user is unable to access any AWS services, what is the most likely explanation?

A. The services are currently unavailable

B. The user needs to login with a key pair

C. The default limit for user logon has been reached

D. By default, new users are created without access to any AWS services

D. By default, new users are created without access to any AWS services
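Added worked example (not part of the original quiz and not AWS code): a small, offline model of IAM policy evaluation in Python that illustrates three of the answers above together. A new IAM user with no policies attached is implicitly denied everything (the 500-point question just above), a least-privilege policy allows only the listed actions on the listed resources (the 100-point question on least privilege), and an explicit Deny beats any Allow, shown here with a constructed statement that rejects s3:PutObject requests lacking the s3:x-amz-server-side-encryption header (the 300-point question on protecting data in S3). The policy documents, bucket names and ARNs are constructed for the example. The evaluator is deliberately simplified: it supports Action/Resource wildcards and only the Null and StringEquals condition operators, and it ignores NotAction/NotResource, principals, SCPs, permissions boundaries and the layering of identity and resource policies that the real IAM engine performs.

```python
"""Simplified, offline model of IAM policy evaluation (added example, not AWS code).
Decision order: start at implicit deny, any matching Allow grants access, any
matching Deny overrides every Allow. NotAction/NotResource, principals, SCPs,
permissions boundaries and identity/resource-policy layering are out of scope."""
from fnmatch import fnmatchcase


def _as_list(value):
    # Action, Resource and condition values may be a single string or a list.
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    subject = value.lower() if fold_case else value
    return any(fnmatchcase(subject, p.lower() if fold_case else p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    # Every operator/key pair in a Condition block must hold (they are ANDed).
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Null":
                # "true" means the key must be absent from the request context.
                must_be_absent = str(_as_list(expected)[0]).lower() == "true"
                if (actual is None) != must_be_absent:
                    return False
            elif operator == "StringEquals":
                # A key missing from the request never matches.
                if actual is None or actual not in _as_list(expected):
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def evaluate(policies, action, resource, context=None):
    # Return "Allow" or "Deny" for one request against a list of policy documents.
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if not _matches(stmt.get("Action", []), action, fold_case=True):
                continue
            if not _matches(stmt.get("Resource", []), resource):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: no Allow anywhere can override it
            allowed = True
    return "Allow" if allowed else "Deny"  # nothing matched: implicit deny


# Constructed sample policies; bucket names and ARNs are made up for the example.
NEW_USER_POLICIES = []  # a freshly created IAM user has no policies attached

READ_ONE_BUCKET = {  # least privilege: two read actions on one bucket, nothing else
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
}

REQUIRE_SSE_ON_UPLOAD = {  # uploads are allowed only when an SSE header is present
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-reports/*"},
        {"Effect": "Deny", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-reports/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
    ],
}

OBJ = "arn:aws:s3:::example-reports/2024/q1.csv"  # constructed object ARN


def demo():
    # Run the three scenarios from the quiz answers and return the decisions.
    return {
        # New user, no policies: implicit deny for everything
        "new_user_get": evaluate(NEW_USER_POLICIES, "s3:GetObject", OBJ),
        # Least privilege: only the granted actions on the granted bucket succeed
        "read_allowed": evaluate([READ_ONE_BUCKET], "s3:GetObject", OBJ),
        "delete_denied": evaluate([READ_ONE_BUCKET], "s3:DeleteObject", OBJ),
        "other_bucket_denied": evaluate([READ_ONE_BUCKET], "s3:GetObject",
                                        "arn:aws:s3:::payroll/staff.csv"),
        # Explicit deny wins: PutObject is allowed, but not without the SSE header
        "put_without_sse": evaluate([REQUIRE_SSE_ON_UPLOAD], "s3:PutObject", OBJ),
        "put_with_sse": evaluate([REQUIRE_SSE_ON_UPLOAD], "s3:PutObject", OBJ,
                                 {"s3:x-amz-server-side-encryption": "aws:kms"}),
    }


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:>20}: {decision}")
```

Running the script prints Deny for the new user, Allow for s3:GetObject on the granted bucket, Deny for s3:DeleteObject and for the other bucket, Deny for the upload without the header and Allow once it is present. The point to take away is the order of evaluation: permissions are not granted until a policy says so, and a single matching Deny ends the evaluation regardless of how many Allows also match.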

500

Which privacy and data security laws does Travelers need to comply with?

A. Gramm-Leach-Bliley Act (GLBA)

B. General Data Protection Regulation (GDPR)

C. California Consumer Privacy Act (CCPA)

D. All of the above

D. All of the above

500

Which task can AWS Key Management Service (AWS KMS) perform?

A. Configure multi-factor authentication

B. Update the AWS account root user password

C. Create cryptographic keys

D. Assign permissions to users and groups

C. Create cryptographic keys

500

When using AWS Organizations with consolidated billing, what are two valid best practices?

A. The paying account should be used for billing purposes only

B. Always use a straightforward password on the root account

C. Always enable MFA on the root account

D. Never exceed the limit of 20 linked accounts

E. Use the paying account for deploying resources

A. The paying account should be used for billing purposes only

C. Always enable MFA on the root account

500

BONUS:

What is the name of the botnet that was mentioned in the lecture?

A. Mirai botnet

B. 911 S5 botnet

C. Mariposa botnet

D. ZeroAccess botnet

B. 911 S5 botnet
