Module 6: Security

Ace your homework & exams now with Quizwiz!

which task can AWS Key Management Service (AWS KMS) perform? a) Configure multi-factor authentication (MFA). b) Update the AWS account root user password. c) Create cryptographic keys. d) Assign permissions to users and groups.

Create cryptographic keys.

Which statement best describes the principle of least privilege? a) Adding an IAM user into at least one IAM group b) Checking a packet's permissions against an access control list c) Granting only the permissions that are needed to perform specific tasks d) Performing a denial of service attack that originates from at least one device

Granting only the permissions that are needed to perform specific tasks

AWS Artifact Reports

Provide compliance reports from third-party auditors.

Which tasks can you complete in AWS Artifact? (Select TWO.) 1) Access AWS compliance reports on-demand. 2) Consolidate and manage multiple AWS accounts within a central location. 3) Create users to enable people and applications to interact with AWS services and resources. 4) Set permissions for accounts by configuring service control policies (SCPs). 5) Review, accept, and manage agreements with AWS.

1) Access AWS compliance reports on-demand 5) Review, accept, and manage agreements with AWS

Which tasks are the responsibilities of customers? (Select TWO.) 1) Maintaining network infrastructure 2) Patching software on Amazon EC2 instances 3) Implementing physical security controls at data centers 4) Setting permissions for Amazon S3 objects 5) Maintaining servers that run Amazon EC2 instances

2) Patching software on Amazon EC2 instances 4) Setting permissions for Amazon S3 objects

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.) 1) IAM users 2) IAM groups 3) An individual member account 4) IAM roles 5) An organizational unit (OU)

3) An individual member account 5) An organizational unit (OU)

Which statement best describes IAM policy? a) An authentication process that provides an extra layer of protection for your AWS account b) A document that grants or denies permissions to AWS services and resources c) An identity that you can assume to gain temporary access to permissions d) The identity that is established when you first create an AWS account

A document that grants or denies permissions to AWS services and resources

AWS Shield Advanced

A paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks. It also integrates with other AWS services like Amazon Cloudfront, Amazon Route 53 and Elastic Load Balancing.

Which service helps protect your applications against distributed denial-of-service (DDoS attacks? a) Amazon GuardDuty b) Amazon Inspector c) AWS Artifact d) AWS Shield

AWS Shield

AWS: Security of the Cloud

AWS is responsible for security OF the cloud. AWS manages areas such as the host operating system, the virtualization layer, and even the physical security of the data centers.

AWS Artifact Agreements

Allows you to review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations.

AWS Shield Standard

Automatically protects AWS customers at no cost. Protects from most common, frequently occurring types of DDoS attacks.

Customers: Security in the Cloud

Customers are responsible for the security of everything they create and put IN the AWS Cloud. Steps may include selecting, configuring, and patching the operating systems that run on Amazon EC2 instances, configuring security groups, and managing user accounts.

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task? a) AWS account root user b) IAM group c) IAM role d) Service control police (SCP)

IAM role


Related study sets

PrepU - Chapter 45: Management of Patients With Oral and Esophageal Disorders

View Set

Eating and Feeding Disorders Quiz Questions

View Set

Spanish Speaking Assessment Questions and Responses

View Set