Andres M Chaparro M
Test por , creado hace más de 1 año

Chapter 3

11
0
0
Andres M Chaparro M
Creado por Andres M Chaparro M hace alrededor de 5 años
Cerrar

Chapter 3

Pregunta 1 de 20

1

Whose responsibility is it to secure the AWS Cloud?

Selecciona una de las siguientes respuestas posibles:

  • Only Amazon Web Services

  • Only you

  • The World Wide Web Consortium (W3C)

  • You and AWS share the responsibility.

Explicación

Pregunta 2 de 20

1

For which aspects of physical and environmental security is Amazon Web Services
responsible?

Selecciona una de las siguientes respuestas posibles:

  • Fire detection and suppression

  • Power redundancy

  • Climate and temperature control in AWS datacenters

  • All of the above

Explicación

Pregunta 3 de 20

1

True or False: The AWS network provides protection against traditional network security
issues.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 4 de 20

1

Which AWS service provides centralized management of access and authentication of users
administering the services in an AWS account?

Selecciona una de las siguientes respuestas posibles:

  • AWS Directory Service

  • AWS Identity and Access Management Service

  • Amazon Cognito

  • AWS Config

Explicación

Pregunta 5 de 20

1

Which credentials can an IAM user have in order to access AWS services via the AWS Management
Console and the AWS Command Line Interface (AWS CLI)? (Choose two.)

Selecciona una o más de las siguientes respuestas posibles:

  • Key pair

  • User name and password

  • Email address and password

  • Access keys

Explicación

Pregunta 6 de 20

1

True or False: A password policy can be set in IAM that requires at least two lowercase letters
and at least two non-alphanumeric characters.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 7 de 20

1

The IAM access keys used to access AWS services via the AWS Command Line Interface
(AWS CLI) and/or AWS Software Development Kits (SDK) consist of which two parts?

Selecciona una de las siguientes respuestas posibles:

  • Access Key ID and password

  • Public Access Key and Secret Access Key

  • Access Key ID and Secret Access Key

  • User name and Public Access Key

Explicación

Pregunta 8 de 20

1

Which Multi-Factor Authentication devices does the IAM service support?

Selecciona una de las siguientes respuestas posibles:

  • Hardware devices (Gemalto)

  • Virtual MFA applications (for example, Google Authenticator)

  • Simple Message Service (SMS) (via mobile devices)

  • All of the above

Explicación

Pregunta 9 de 20

1

Which of the following is true when using AWS Identity and Access Management groups?

Selecciona una de las siguientes respuestas posibles:

  • IAM users are members of a default user group.

  • Groups can be nested.

  • An IAM user can be a member of multiple groups.

  • IAM roles can be members of a group.

Explicación

Pregunta 10 de 20

1

Which of the following is not a best practice for securing an AWS account?

Selecciona una de las siguientes respuestas posibles:

  • Requiring Multi-Factor Authentication for root-level access

  • Creating individual IAM users

  • Monitoring activity on your AWS account

  • Sharing credentials to provide cross-account access

Explicación

Pregunta 11 de 20

1

Which of the following is true when using AWS Key Management Service (AWS KMS)?

Selecciona una de las siguientes respuestas posibles:

  • All API requests to AWS KMS must be made over HTTP.

  • Use of keys is protected by access control policies defined and managed by you.

  • An individual AWS employee can access a Customer Master Key (CMK) and export
    the CMK in plaintext.

  • An AWS KMS key can be used globally in any AWS Region

Explicación

Pregunta 12 de 20

1

The AWS CloudTrail service provides which of the following?

Selecciona una de las siguientes respuestas posibles:

  • Logs of the API requests for AWS resources within your account

  • Information about the IP traffic going to and from network interfaces

  • Monitoring of the utilization of AWS resources within your account

  • Information on configuration changes to AWS resources within your AWS account

Explicación

Pregunta 13 de 20

1

Amazon CloudWatch Logs enable Amazon CloudWatch to monitor log files. Pattern
filtering can be used to analyze the logs and trigger Amazon CloudWatch alarms based
on customer specified thresholds. Which types of log files can be sent to Amazon
CloudWatch Logs?

Selecciona una de las siguientes respuestas posibles:

  • Operating system logs

  • AWS CloudTrail Logs

  • Access Flow Logs

  • All of the above

Explicación

Pregunta 14 de 20

1

AWS CloudTrail logs the API requests to AWS resources within your account. Which other
AWS service can be used in conjunction with CloudTrail to capture information about
changes made to AWS resources in your AWS account?

Selecciona una de las siguientes respuestas posibles:

  • Auto Scaling

  • AWS Config

  • Amazon VPC Flow Logs

  • AWS Artifact

Explicación

Pregunta 15 de 20

1

True or false: Amazon Inspector continuously monitors your AWS account’s configuration
against the Well Architected Framework’s best practice recommendations for security.

Selecciona uno de los siguientes:

  • VERDADERO
  • FALSO

Explicación

Pregunta 16 de 20

1

A workload consisting of Amazon EC2 instances is placed in an Amazon VPC. What feature of VPC can be used to deny network traffic based on IP source address and port number?

Selecciona una de las siguientes respuestas posibles:

  • Subnets

  • Security groups

  • Route tables

  • Network Access Control Lists

Explicación

Pregunta 17 de 20

1

You want to pass traffic securely from your on-premises network to resources in your
Amazon VPC. Which type of gateway can be used on the VPC?

Selecciona una de las siguientes respuestas posibles:

  • Internet Gateway (IGW)

  • Amazon Virtual Private Cloud endpoint

  • Virtual Private Gateway

  • Amazon Virtual Private Cloud peer

Explicación

Pregunta 18 de 20

1

To protect data at rest within Amazon DynamoDB, customers can use which of the
following?

Selecciona una de las siguientes respuestas posibles:

  • Client-side encryption

  • TLS connections

  • Server-side encryption provided by the Amazon DynamoDB service

  • Fine-grained access controls

Explicación

Pregunta 19 de 20

1

When an Amazon Relational Database Service database instance is run within an Amazon
Virtual Private Cloud, which Amazon VPC security features can be used to protect the
database instance?

Selecciona una de las siguientes respuestas posibles:

  • Security groups

  • Network ACLs

  • Private subnets

  • All of the above

Explicación

Pregunta 20 de 20

1

Which of the following is correct?

Selecciona una de las siguientes respuestas posibles:

  • Amazon SQS and Amazon SNS encrypt data at rest.

  • Amazon SQS and Amazon SNS do not encrypt data at rest.

  • Amazon SQS encrypts data at rest and Amazon SNS does not encrypt data at rest.

  • Amazon SQS does not encrypt data at rest and Amazon SNS encrypts data at rest.

Explicación