AWS CERTIFIED CLOUD PRACTITIONER MODULE 6 -

PDF Download

AWS CERTIFIED CLOUD PRACTITIONER MODULE 6 -

SECURITY EXAM QUESTIONS

Actual Qs and Ans Expert-Verified Explanation

This Exam contains:

-Guarantee passing score -37 Questions and Answers -format set of multiple-choice -Expert-Verified Explanation

Question 1: Which service helps protect your applications against distributed

denial-of-service (DDoS) attacks?

Answer:

AWS Shield

Question 2: Which statement best describes the principle of least privilege?

Answer:

Granting only the permissions that are needed to perform specific tasks

Question 3: AWS Artifact Reports

Answer:

-provide compliance reports from third-party auditors -global, regional, and industry-specific security standards and regulations

Question 4: IAM policies

Answer:

document that allows or denies permissions to use AWS services and resources

Question 5: least privilege

Answer:

security principles that prevents users or roles from having more permissions than needed to perform their tasks

Question 6: AWS WAF

Answer:

web application firewall that lets you monitor network requests that come into your web applications

Question 7: SCPs

Answer:

service control policies -enable you to place restrictions in the AWS services, accounts, and individual API actions that users and roles in each account access

Question 8: Which task can AWS Key Management Service (AWS KMS) perform?

Answer:

Create cryptographic keys.

Question 9: Amazon Inspector

Answer:

performs automated security assessments -checks for security vulnerabilities and deviations from security best practices -provides a list of security findings and list is organized by priority security level

Question 10: Best practice for IAM roles

Answer:

IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term

Question 11: IAM roles

Answer:

identity you can assume to gain temporary access to permissions

Question 12: AWS IAM

Answer:

AWS Identity and Access Management -enables you to manage access to AWS services and resources securely Question 13: You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

Answer:

-An individual member account -An organizational unit (OU)

Question 14: AWS Organizations

Answer:

consolidates and manages multiple AWS accounts within a central location

Question 15: AWS Shield

Answer:

service that protects applications against DDoS attacks

Question 16: shared responsibility model for customers

Answer:

responsible for the security of everything that they create and put in the AWS Cloud including content, who has access to the content, and how access rights are managed, granted, and revoked

Question 17: shared responsibility model for AWS

Answer:

security of the cloud and global infrastructure that runs on all of the services offered in the AWS cloud including AWS Regions, Availability Zones, and edge locations -physical security of data centers, hardware and software infrastructure, network infrastructure, and virtualization of infrastructure

Question 18: Customer Compliance Center

Answer:

contains resources to help you learn more about AWS compliance

Question 19: IAM users

Answer:

-represents the person or application that interacts with AWS services and resources consisting of a name and credentials -root user must give IAM users permissions

Question 20: AWS Shield Standard

Answer:

automatically protects all AWS customers at no cost from DDoS attacks

Question 21: Which tasks are the responsibilities of customers? (Select TWO.)

Answer:

-Setting permissions for Amazon S3 objects -Patching software on Amazon EC2 instances

Question 22: cryptographic key

Answer:

random string of digits used for locking(encrypting) and unlocking(decrypting) data

Question 23: OUs

Answer:

organizational units -grouping of accounts to make managing accounts with similar business or security requirements easier

Question 24: MFA

Answer:

multi-factor authentication -adding an extra layer of security to signing in

Question 25: AWS Shield Advanced

Answer:

-paid service that provides detailed diagnostics and the ability to detect and mitigate sophisticated DDoS attacks -integrates Amazon CloudFront, Amazon Route 53, Elastic Load-Balancing