AWS CLOUD PRACTITIONER ESSENTIALS MODULE 6 EXAM

PDF Download

AWS CLOUD PRACTITIONER ESSENTIALS MODULE 6 EXAM

QUESTIONS

Actual Qs and Ans Expert-Verified Explanation

This Exam contains:

-Guarantee passing score -68 Questions and Answers -format set of multiple-choice -Expert-Verified Explanation

Question 1: What does shared responsibility model divide into?

Answer:

The shared responsibility model divides into customer responsibilities (commonly referred to as "security in the cloud") and AWS responsibilities (commonly referred to as "security of the cloud").

Question 2: What else does the Customer Compliance Center include?

Answer:

It includes an auditor learning path. This learning path is designed for individuals in auditing, compliance, and legal roles who want to learn more about how their internal operations can demonstrate compliance using the AWS Cloud.Question 3: AWS Shield Standard uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it.

Answer:

What is AWS Shield Advanced?

Question 4: What is an example of a a

Answer:

What is an example of a denial-of-service (DoS) attack?Question 5: An attacker might flood a website or application with excessive network traffic until the targeted website or application becomes overloaded and is no longer able to respond. If the website or application becomes unavailable, this denies service to users who are trying to make legitimate requests.

Answer:

What is a distributed denial-of-service attack?

Question 6: AWS Identity and Access Management (IAM)

Answer:

enables you to manage access to AWS services and resources securely.

Question 7: Multi-factor authentication (MFA)

Answer:

In IAM, multi-factor authentication (MFA) provides an extra layer of security for your AWS account.Question 8: It checks against the list of rules that you have configured in the web ACL. If a request did not come from one of the blocked IP addresses, it allows access to the application.

Answer:

What happens when a request comes from one of the blocked IP addresses that you have specified in the web ACL?

Question 9: It is denied access.

Answer:

What is Amazon Inspector?Question 10: Enables you to perform encryption operations through the use of cryptographic keys.

Answer:

What is a cryptographic key?

Question 11: What happens when organizing separate accounts into OUs?

Answer:

You can more easily isolate workloads or applications that have specific security requirements. For instance, if your company has accounts that can access only the AWS services that meet certain regulatory requirements, you can put these accounts into one OU. Then, you can attach a policy to the OU that blocks access to all other AWS services that do not meet the regulatory requirements.Question 12: In a distributed denial-of-service (DDoS) attack, multiple sources are used to start an attack that aims to make a website or application unavailable. This can come from a group of attackers, or even a single attacker. The single attacker can use multiple infected computers (also known as "bots") to send excessive traffic to a website or application.

Answer:

What is AWS shield?

Question 13: What is IAM roles best practice?

Answer:

IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.

Question 14: What is a denial-of-service (DoS) attack?

Answer:

A deliberate attack that originates from a single source to make a website or application unavailable to users.

Question 15: What happens when you apply a policy to an OU?

Answer:

All the accounts in the OU automatically inherit the permissions specified in the policy.

Question 16: AWS Organizations

Answer:

Suppose that your company has multiple AWS accounts. You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.

Question 17: What is AWS artifacts?

Answer:

A service that provides on-demand access to AWS security and compliance reports and select online agreements.

Question 18: A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.

Answer:

What else can AWS KMS allow you to do?Question 19: What do the compliance whitepapers and documentation contain in the Customer Compliance Center?

Answer:

-AWS answers to key compliance questions -An overview of AWS risk and compliance -An auditing security checklist

Question 20: What is Customer Compliance Center?

Answer:

Contains resources to help you learn more about AWS compliance.Question 21: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

Answer:

What does Amazon Inspector do?Question 22: In AWS Organizations, how do you centrally control permissions for the accounts in your organization?

Answer:

You use service control policies (SCPs). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.Question 23: You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

Answer:

An organizational unit (OU) -An individual member account