AWS Practice Exam 5 (Security & Compliance)

A growing start-up has trouble identifying and protecting sensitive data at scale. Which AWS fully managed service can assist with this task? 1.) Amazon Macie 2.) AWS Secrets Manager 3.) AWS Artifact 4.) AWS KMS

1.) Amazon Macie

According to the Shared Responsibility Model, which of the following is both the responsibility of AWS and the customer? (Select two) 1.) Configuration management 2.) Operating system (OS) configuration 3.) Disposal of disk drives 4.) Customer data 5.) Data center security

1.) Configuration management 2.) Operating system (OS) configuration

According to the Shared Responsibility Model, which of the following are responsibilities of AWS? (Select two) 1.) Data center security 2.) Encrypting application data 3.) Installing security patches of the guest operating system (OS) 4.) Configuring IAM Roles 5.) Network operability

1.) Data center security 5.) Network operability

A company would like to create a private, high bandwidth network connection between its on-premises data centers and AWS Cloud. As a Cloud Practitioner, which of the following options would you recommend? 1.) Direct Connect 2.) VPC Peering 3.) Site-to-Site VPN 4.) VPC Endpoints

1.) Direct Connect

Which of the following options is NOT a feature of Amazon Inspector? 1.) Track configuration changes 2.) Automate security assessments 3.) Inspect running operating systems (OS) against known vulnerabilities 4.) Analyze against unintended network accessibility

1.) Track configuration changes

A research lab needs to be notified in case of a configuration change for security and compliance reasons. Which AWS service can assist with this task? 1.) AWS Trusted Advisor 2.) Amazon Inspector 3.) AWS Config 4.) AWS Secrets Manager

3.) AWS Config

According to the Shared Responsibility Model, which of the following is a responsibility of the customer? 1.) Edge locations security 2.) Protecting hardware infrastructure 3.) Firewall & networking configuration in EC2 4.) Managing DynamoDB

3.) Firewall & networking configuration in EC2

A company would like to audit requests made to an S3 bucket. As a Cloud Practitioner, which S3 feature would you recommend addressing this use-case? 1.) S3 Bucket Policies 2.) S3 Versioning 3.) S3 Access Logs 4.) S3 Cross-Region Replication (CRR)

3.) S3 Access Logs

Which of the following IAM Security Tools allows you to review permissions granted to a user? 1.) IAM credentials report 2.) IAM policies 3.) Multi-Factor Authentication (MFA) 4.) IAM access advisor

4.) IAM access advisor

Which security control tool can be used to deny traffic from a specific IP address? 1.) AWS GuardDuty 2.) VPC Flow Logs 3.) Security Group 4.) Network ACL

4.) Network ACL

Which AWS tool can provide best practice recommendations for performance, service limits, and cost optimization? 1.) AWS Trusted Advisor 2.) Amazon CloudWatch 3.) AWS Service Health Dashboard 4.) Amazon Inspector

1.) AWS Trusted Advisor

Which service/tool will you use to create and provide trusted users with temporary security credentials that can control access to your AWS resources? 1.) AWS Web Application Firewall (AWS WAF) 2.) AWS Security Token Service (AWS STS) 3.) AWS Single Sign-On (SSO) 4.) Amazon Cognito

2.) AWS Security Token Service (AWS STS)

A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task? 1.) AWS Trusted Advisor 2.) AWS Systems Manager 3.) Amazon Inspector 4.) AWS Personal Health Dashboard

2.) AWS Systems Manager

A multinational company has just moved its infrastructure to AWS Cloud and has employees traveling to different offices around the world. How should the company set the AWS accounts? 1.) Create an IAM user for each user in each region 2.) There is nothing to do, IAM is a global service 3.) As employees travel, they can use other employees' accounts 4.) Create 'global' permissions so users can access resources from all around the world

2.) There is nothing to do, IAM is a global service

Which of the following AWS services can be used to generate, use, and manage encryption keys on the AWS Cloud? 1.) AWS GuardDuty 2.) AWS Secrets Manager 3.) AWS CloudHSM 4.) Amazon Inspector

3.) AWS CloudHSM