Exam Practice Quiz 01
Quiz-summary
0 of 71 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
Results
0 of 71 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Earned Points: 0 of 0, (0)
0 Essay(s) Pending (Possible Points: 0)
Categories
- Not categorized 0%
- IAM 0%
- S3 0%
- Security 0%
- WAF 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- Answered
- Review
-
Question 1 of 71
1. Question
George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?
CorrectIncorrect -
Question 2 of 71
2. Question
Which service enables AWS customers to manage users and permissions in AWS?
CorrectIncorrect -
Question 3 of 71
3. Question
IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information
CorrectIncorrect -
Question 4 of 71
4. Question
Every user you create in the IAM system starts with _________.
CorrectIncorrect -
Question 5 of 71
5. Question
Groups can’t _____.
CorrectIncorrect -
Question 6 of 71
6. Question
The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon Simple DB, and the AWS Management Console.
CorrectIncorrect -
Question 7 of 71
7. Question
An AWS customer is deploying an application that is composed of an Auto Scaling group of EC2 Instances. The customer’s security policy requires that every outbound connection from these instances to any other service within the customers Virtual Private Cloud must be authenticated using a unique x 509 certificate that contains the specific instance id. In addition, an x 509 certificates must Designed by the customer’s Key management service in order to be trusted for authentication. Which of the following configurations will support these requirements?
CorrectIncorrect -
Question 8 of 71
8. Question
When assessing an organization AWS use of AWS API access credentials which of the following three credentials should be evaluated? Choose 3 answers
CorrectIncorrect -
Question 9 of 71
9. Question
An organization has created 50 IAM users. The organization wants that each user can change their password but cannot change their access keys. How can the organization achieve this?
CorrectIncorrect -
Question 10 of 71
10. Question
An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?
CorrectIncorrect -
Question 11 of 71
11. Question
Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose 2 answers)
CorrectIncorrect -
Question 12 of 71
12. Question
Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which two IAM best practices should you consider implementing? (Choose 2 answers)
CorrectIncorrect -
Question 13 of 71
13. Question
A company needs to deploy services to an AWS region which they have not previously used The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon Dynamo DB The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?
CorrectIncorrect -
Question 14 of 71
14. Question
After creating a new IAM user which of the following must be done before they can successfully make API calls?
CorrectIncorrect -
Question 15 of 71
15. Question
An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM?
CorrectIncorrect -
Question 16 of 71
16. Question
Within the IAM service a GROUP is regarded as a:
CorrectIncorrect -
Question 17 of 71
17. Question
Is there a limit to the number of groups you can have?
CorrectIncorrect -
Question 18 of 71
18. Question
What is the default maximum number of MFA devices in use per AWS account (at the root account level)?
CorrectIncorrect -
Question 19 of 71
19. Question
When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user.
CorrectIncorrect -
Question 20 of 71
20. Question
You are setting up a blog on AWS. In which of the following scenarios will you need AWS credentials? (Choose 3)
CorrectIncorrect -
Question 21 of 71
21. Question
IAM’s Policy Evaluation Logic always starts with a default ____________ for every request, except for those that use the AWS account’s root security credentials by
CorrectIncorrect -
Question 22 of 71
22. Question
An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate Dynamo DB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?
CorrectIncorrect -
Question 23 of 71
23. Question
An organization has setup multiple IAM users. The organization wants that each IAM user accesses the IAM console only within the organization and not from outside. How can it achieve this?
CorrectIncorrect -
Question 24 of 71
24. Question
Can I attach more than one policy to a particular entity?
CorrectIncorrect -
Question 25 of 71
25. Question
A __________ is a document that provides a formal statement of one or more
CorrectIncorrect -
Question 26 of 71
26. Question
A __________ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.
CorrectIncorrect -
Question 27 of 71
27. Question
True or False: When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime.
CorrectIncorrect -
Question 28 of 71
28. Question
What are the recommended best practices for IAM? (Choose 3 answers)
CorrectIncorrect -
Question 29 of 71
29. Question
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?
CorrectIncorrect -
Question 30 of 71
30. Question
A photo-sharing service stores pictures in Amazon Simple Storage Service (S3) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon S3 operations?
CorrectIncorrect -
Question 31 of 71
31. Question
A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Select 2)
CorrectIncorrect -
Question 32 of 71
32. Question
A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions. Which of the following options, when used together will support the autonomy/control of divisions while enabling corporate IT to maintain governance and cost oversight? (Choose 2 answers)
CorrectIncorrect -
Question 33 of 71
33. Question
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance. (Choose 2 answers)
CorrectIncorrect -
Question 34 of 71
34. Question
Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
CorrectIncorrect -
Question 35 of 71
35. Question
You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link each accounts bill to a Master AWS account using Consolidated Billing. To make sure you Keep within budget you would like to implement a way for administrators in the Master account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.
CorrectIncorrect -
Question 36 of 71
36. Question
You have an application running on an EC2 Instance which will allow users to download flies from a private S3 bucket using a pre-assigned URL. Before generating the URL the application should verify the existence of the file in S3. How should the application use AWS credentials to access the S3 bucket securely?
CorrectIncorrect -
Question 37 of 71
37. Question
You are designing a photo sharing mobile app the application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3. You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?
CorrectIncorrect -
Question 38 of 71
38. Question
Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary You don’t want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console Which option below will meet the needs for your NOC members?
CorrectIncorrect -
Question 39 of 71
39. Question
An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation template which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?
CorrectIncorrect -
Question 40 of 71
40. Question
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise’s account. The enterprise has internal security policies that require any outside access to their environment must conform to the principles of least privilege and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?
CorrectIncorrect -
Question 41 of 71
41. Question
A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Space (S3) key space specific to that user. Which two approaches can satisfy these objectives? (Choose 2 answers)
CorrectIncorrect -
Question 42 of 71
42. Question
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data When a user saves their game the progress data will be stored to the Game state S3 bucket. What is the best approach for storing data to DynamoDB and S3?
CorrectIncorrect -
Question 43 of 71
43. Question
A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
CorrectIncorrect -
Question 44 of 71
44. Question
A user has created a mobile application which makes calls to DynamoDB to fetch certain data the application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
CorrectIncorrect -
Question 45 of 71
45. Question
You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?
CorrectIncorrect -
Question 46 of 71
46. Question
Your fortune 500 company has under taken a TCO analysis evaluating the use of Amazon S3 versus acquiring more hardware The outcome was that all employees would be granted access to use Amazon S3 for storage of their personal documents Which of the following will you need to consider so you can set up a solution that incorporates single sign-on from your corporate AD or LDAP directory and restricts access for each user to a designated user folder in a bucket? (Choose 3 Answers)
CorrectIncorrect -
Question 47 of 71
47. Question
You’ve been hired to enhance the overall security posture for a very large e-commerce site. They have a well architected multi-tier application running in a VPC that uses ELBs in front of both the web and the app tier with static assets served directly from S3. They are using a combination of RDS and DynamoDB for their dynamic data and then archiving nightly into S3 for further processing with EMR. They are concerned because they found questionable log entries and suspect someone is attempting to gain unauthorized access. Which approach provides a cost effective scalable mitigation to this kind of attack?
CorrectIncorrect -
Question 48 of 71
48. Question
You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)
CorrectIncorrect -
Question 49 of 71
49. Question
When preparing for a compliance assessment of your system built inside of AWS. What are three best practices for you to prepare for an audit? Choose 3 answers
CorrectIncorrect -
Question 50 of 71
50. Question
In the shared security model, AWS is responsible for which of the following security best practices (check all that apply)
CorrectIncorrect -
Question 51 of 71
51. Question
You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational Database Service (RDS) MySQL. Which security measures fall into AWS’s responsibility?
CorrectIncorrect -
Question 52 of 71
52. Question
Which of the following statements is true about achieving PCI certification on the AWS platform? (Choose 2)
CorrectIncorrect -
Question 53 of 71
53. Question
What does RRS stand for when talking about S3?
CorrectIncorrect -
Question 54 of 71
54. Question
What is the durability of S3 RRS?
CorrectIncorrect -
Question 55 of 71
55. Question
What is the Reduced Redundancy option in Amazon S3?
CorrectIncorrect -
Question 56 of 71
56. Question
An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required which of the below mentioned options is a best possible storage solution for it?
CorrectIncorrect -
Question 57 of 71
57. Question
A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after 6 months. When the restore request is completed the user accesses that archive. Which of the below mentioned statements is not true in this condition?
CorrectIncorrect -
Question 58 of 71
58. Question
Which set of Amazon S3 features helps to prevent and recover from accidental data loss?
CorrectIncorrect -
Question 59 of 71
59. Question
You use S3 to store critical data for your company Several users within your group currently have full permissions to your S3 buckets. You need to come up with a solution that does not impact your users and also protect against the accidental deletion of objects. Which two options will address this issue? (Choose 2 answers)
CorrectIncorrect -
Question 60 of 71
60. Question
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose 3 answers)
CorrectIncorrect -
Question 61 of 71
61. Question
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at Rest. If the user is supplying his own keys for encryption (SSE-C) which of the below mentioned statements is true?
CorrectIncorrect -
Question 62 of 71
62. Question
A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?
CorrectIncorrect -
Question 63 of 71
63. Question
A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of security?
CorrectIncorrect -
Question 64 of 71
64. Question
A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?
CorrectIncorrect -
Question 65 of 71
65. Question
A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customers objects replicated?
CorrectIncorrect -
Question 66 of 71
66. Question
Which features can be used to restrict access to data in S3? Choose 2 answers
CorrectIncorrect -
Question 67 of 71
67. Question
Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?
CorrectIncorrect -
Question 68 of 71
68. Question
A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?
CorrectIncorrect -
Question 69 of 71
69. Question
A root account owner has given full access of his S3 bucket to one of the IAM users using the bucket ACL. When the IAM user logs in to the S3 console, which actions can he perform?
CorrectIncorrect -
Question 70 of 71
70. Question
A root AWS account owner is trying to understand various options to set the permission to AWS S3. Which of the below mentioned options is not the right option to grant permission for S3?
CorrectIncorrect -
Question 71 of 71
71. Question
A system admin is managing buckets, objects and folders with AWS S3. Which of the below mentioned statements is true and should be taken in consideration by the sysadmin?
CorrectIncorrect