AWS Practice Paper 5 - Security
Which of the following AWS services can be used to generate, use, and manage encryption keys on the AWS Cloud? 1. AWS GuardDuty 2. AWS CloudHSM 3. AWS Secrets Manager 4. Amazon Inspector
2. AWS CloudHSM
A growing start-up has trouble identifying and protecting sensitive data at scale. Which AWS fully managed service can assist with this task? 1. AWS Artifact 2. Amazon Macie 3. AWS Key Management Service (AWS KMS) 4. AWS Secrets Manager
2. Amazon Macie
Which service/tool will you use to create and provide trusted users with temporary security credentials that can control access to your AWS resources? 1. AWS IAM Identity Center 2. Amazon Cognito 3. AWS Web Application Firewall (AWS WAF) 4. AWS Security Token Service (AWS STS)
4. AWS Security Token Service (AWS STS)
A Cloud Practitioner would like to get operational insights into their resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task? 1. Amazon Inspector 2. AWS Trusted Advisor 3. AWS Health Dashboard - Your Account Health 4. AWS Systems Manager
4. AWS Systems Manager
A company would like to audit requests made to an Amazon Simple Storage Service (Amazon S3) bucket. As a Cloud Practitioner, which Amazon Simple Storage Service (Amazon S3) feature would you recommend to address this use case? 1. S3 Versioning 2. S3 cross-region replication (S3 CRR) 3. Amazon S3 Bucket Policies 4. Amazon Simple Storage Service (Amazon S3) Access Logs
4. Amazon Simple Storage Service (Amazon S3) Access Logs
Which security control tool can be used to deny traffic from a specific IP address? 1. VPC Flow Logs 2. Amazon GuardDuty 3. Security Group 4. Network Access Control List (network ACL)
4. Network Access Control List (network ACL)
A company would like to create a private, high bandwidth network connection between its on-premises data centers and AWS Cloud. As a Cloud Practitioner, which of the following options would you recommend? 1. AWS Direct Connect 2. VPC Endpoints 3. VPC peering connection 4. AWS Site-to-Site VPN
1. AWS Direct Connect
According to the AWS Shared Responsibility Model, which of the following is the responsibility of the customer? 1. Firewall & networking configuration of Amazon Elastic Compute Cloud (Amazon EC2) 2. Managing Amazon DynamoDB 3. Edge locations security 4. Protecting hardware infrastructure
1. Firewall & networking configuration of Amazon Elastic Compute Cloud (Amazon EC2)
A multinational company has just moved its infrastructure to AWS Cloud and has employees traveling to different offices around the world. How should the company set up its AWS accounts? 1. There is nothing to do, AWS Identity and Access Management (AWS IAM) is a global service 2. Create an IAM user for each user in each AWS region 3. As employees travel, they can use other employees' accounts 4. Create global permissions so users can access resources from all around the world
1. There is nothing to do, AWS Identity and Access Management (AWS IAM) is a global service
Which of the following options is NOT a feature of Amazon Inspector? 1. Track configuration changes 2. Analyze against unintended network accessibility 3. Automate security assessments 4. Inspect running operating systems (OS) against known vulnerabilities
1. Track configuration changes
According to the AWS Shared Responsibility Model, which of the following are the responsibilities of AWS? (Select two) 1. Installing security patches of the guest operating system (OS) 2. Network operability 3. Encrypting application data 4. Configuring IAM Roles 5. Data center security
2. Network operability 5. Data center security
A research lab needs to be notified in case of a configuration change for security and compliance reasons. Which AWS service can assist with this task? 1. AWS Trusted Advisor 2. AWS Secrets Manager 3. AWS Config 4. Amazon Inspector
3. AWS Config
Which of the following AWS Identity and Access Management (AWS IAM) Security Tools allows you to review permissions granted to an IAM user? 1. IAM credentials report 2. Multi-Factor Authentication (MFA) 3. AWS Identity and Access Management (IAM) access advisor 4. IAM Policy
3. AWS Identity and Access Management (IAM) access advisor
Which AWS tool can provide best practice recommendations for performance, service limits, and cost optimization? 1. Amazon Inspector 2. AWS Health Dashboard - Service health 3. AWS Trusted Advisor 4. Amazon CloudWatch
3. AWS Trusted Advisor
According to the AWS Shared Responsibility Model, which of the following are the responsibility of both AWS and the customer? (Select two) 1. Customer data 2. Data center security 3. Configuration management 4. Disposal of disk drives 5. Operating system (OS) configuration
3. Configuration management 5. Operating system (OS) configuration