26-14 Implementing Security in AWS

Last updated Aug 27, 2023 Edit Source

1. Which of the following is part of the customers’ responsibility regarding the Shared Security Model? (Choose 2.)

• A. Patch Windows EC2 instances with the latest security patches.
• B. Configure NACL to only allow inbound ports 80 and 443 to Linux web servers from the internet.
• C. Update the network cabling in the us-east-1 data centers.
• D. Upgrade the underlying infrastructure support for the Lambda service.
• E. Upgrade the biometric readers in the London Region.

2. Which service in AWS protects your virtual network and resources from common DDoS attacks?

• A. AWS WAF
• B. AWS Shield
• C. AWS Detective
• D. Amazon Macie

3. Which of the following AWS Security tools can protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources?

• A. AWS WAF
• B. AWS GuardDuty
• C. AWS Shield
• D. AWS NACL

4. Which AWS service uses machine learning to classify sensitive information stored in your Amazon S3 buckets and monitor access patterns for anomalies that indicate risks or suspicious behavior, such as large quantities of source code being downloaded?

• A. Amazon Macie
• B. Amazon X-Ray
• C. AWS Shield
• D. AWS WAF

5. Which AWS service enables companies looking to migrate to the AWS cloud to obtain copies of various compliance documents such as ISO certifications, PCI, and SOC reports?

• A. AWS Artifact
• B. AWS Config
• C. AWS CloudWatch
• D. AWS security reports

6. To fulfill strict compliance requirements, you need to create and manage your encryption keys using FIPS 140-2 Level 3-validated HSM devices. Which type of encryption service would you recommend?

• A. AWS KMS
• B. AWS CloudHSM
• C. Certificate Manager
• D. BitLocker

Answers

1. A and B
2. B
3. A
4. A
5. A
6. B