AWS CLOUD - ALC

Which of the below statement correctly describes the principle of least privilege? Which of the below statement correctly describes the principle of least privilege?

1 Mark(s)

All users should have the same set of permissions
A user should have just the bare minimum permissions to access services required (Correct)
Root account must not be used for day-to-day activities
A user should always be assigned to a group and have permissions as defined by the group

Which of the following statements are correct with regards to IAM? Which of the following statements are correct with regards to IAM?

1 Mark(s)

IAM controls who can access AWS resources
IAM updates the user on potential issues AWS is facing
IAM controls how a user can control resources
IAM reports the API calls made on behalf of the user

Which of the following is an example of security in the cloud? Which of the following is an example of security in the cloud?

1 Mark(s)

Which AWS services are used with the content (Correct)
Country in which content is stored
Compliance with computer security guidelines and regulations
Physical security of the data centers

For which of the below services is it the customer's responsibility to perform all required security configurations and management tasks? For which of the below services is it the customer's responsibility to perform all required security configurations and management tasks?

1 Mark(s)

AWS S3
AWS RDS
AWS EC2
AWS VPC

Which of the below is not an IAM best practice? Which of the below is not an IAM best practice?

1 Mark(s)

Use IAM groups
Give IAM users maximum privilege for access.
Use roles for applications
Apply MFA

Which of the following are included in AWS assurance programs? Which of the following are included in AWS assurance programs?

1 Mark(s)

Customer testimonials
Certificates and attestations (Correct)
Laws, Regulations, Privacy (Correct)
Partner validations

Which steps can be taken so as to ensure that the access key and secret access keys on an EC2 instance are not compromised? Which steps can be taken so as to ensure that the access key and secret access keys on an EC2 instance are not compromised?

1 Mark(s)

Store the access key/secret access key in encrypted format on the instance
Store the access key/secret access key in encrypted format on an S3 bucket
Assign a correct IAM role to the EC2 instance
Enable multi-factor authentication for the root and the EC2 user

Which of the following is not a valid mechanism using which AWS communicates with customers regarding its security and control environment? Which of the following is not a valid mechanism using which AWS communicates with customers regarding its security and control environment?

1 Mark(s)

NDA to customers
Direct access to customers to AWS data centers and infrastructure
Whitepapers and blogs
Legal agreements to customers

Identify the correct statement Identify the correct statement

1 Mark(s)

A classic load balancer should be used by its public IP addesss.
A classic load balancer should be used by its domain name.
A classic load balancer should be used by its host name.
A classic load balancer should be used by its private IP addesss.

Which of the following is not a part of AWS risk and compliance programs? Which of the following is not a part of AWS risk and compliance programs?

1 Mark(s)

Risk Management
Information Security
Global infrastructure security
Control Environment

When configuring autoscaling, where do we specify the VPC configuration? When configuring autoscaling, where do we specify the VPC configuration?

1 Mark(s)

Launch template
Autoscaling Group
Autoscaling policy
Launch configuration

For which of the below does IAM not control access to? For which of the below does IAM not control access to?

1 Mark(s)

Application Services
Networking
Database
Compute

What are the access types in IAM? What are the access types in IAM?

1 Mark(s)

Root user access
Console Access
Federated Access
Programmatic access

Which service seamlessly enables hybrid storage between on-premises storage environments and the AWS Cloud? Which service seamlessly enables hybrid storage between on-premises storage environments and the AWS Cloud?

1 Mark(s)

VPN
Direct Connect
Glacier
Storage Gateway

Which of the below is not a compliance communication responsibility of customer to AWS? Which of the below is not a compliance communication responsibility of customer to AWS?

1 Mark(s)

Customers communicate their use and configuration information to AWS at all times.
Customers do not need to communicate their configurations to AWS.
Both AWS and Customers communicate their security and configuration details to each other.
Both AWS and Customers communicate keep their security and configuration details isolated from each other.

Which of the following item is not included in security status checklist? Which of the following item is not included in security status checklist?

1 Mark(s)

User groups to assign permissions
Apply IAM password policy
Delete root access keys
Create Individual IAM Groups

In the shared responsibility model AWS is responsible for which of the below? In the shared responsibility model AWS is responsible for which of the below?

1 Mark(s)

Security of the cloud
Security for the cloud
Security in the cloud
Security on the cloud

Which of the following AWS services helps the customer to follow best practices? Which of the following AWS services helps the customer to follow best practices?

1 Mark(s)

AWS Systems Manager
Trusted Advisor
AWS Shield
Trusted Advisor

What is the purpose of an internet gateway? What is the purpose of an internet gateway?

1 Mark(s)

It is attached to public subnet to allow connections to internet
It is used to control traffic enetering the subnets
It allows instances in private subnets to communicate over the internet?
• It is used to connect to other service VPC endpoints

Which of the following are valid trusted entity types for creating roles? (Choose any 3) Which of the following are valid trusted entity types for creating roles? (Choose any 3)

1 Mark(s)

Web Identity (Correct)
Cross Account (Correct)
Consolidated billing
AWS Service

What is federated IAM access? What is federated IAM access?

1 Mark(s)

Accessing AWS account with root username and password.
Accessing AWS account with access key and secret access keys.
Accessing AWS services using external identity providers like Facebook/Google.
• Accessing Aws services with existing Corporate Identity credentials.

Which of the following is a document which is a formal statement of one or more permissions? Which of the following is a document which is a formal statement of one or more permissions?

1 Mark(s)

Policy
Permission
Role
Template

Which of the following is a best practice for the root account? Which of the following is a best practice for the root account?

1 Mark(s)

Use root account for critical activities.
Delete the root account as soon as administrator account is created.
Revoke all permissions from root account.
Delete root account access keys.

Which of the below is not required to create a security group rule? Which of the below is not required to create a security group rule?

1 Mark(s)

Traffic Ports
Traffic Protocols
Traffic permission -- Allow/Deny
Traffic Destination

How does a newly created user access the AWS services? How does a newly created user access the AWS services?

1 Mark(s)

Using IAM username and password.
User username and roles.
Using access-key and secret access key.
Using IAM username and secret access key.

Which of the below are some security benefits of AWS cloud? Which of the below are some security benefits of AWS cloud?

1 Mark(s)

Secure Global Infrastructure
Meet compliance regulation
Data storage
Shared responsibility model

Which of the following tasks are performed by AWS for data security? Which of the following tasks are performed by AWS for data security?

1 Mark(s)

Decommission storage devices using industry - standard practices
Encrypt data on all storage devices
Perform patching on EC2 instances
Replicate data across multiple regions

Which of the below are types of permissions used by AWS? Which of the below are types of permissions used by AWS?

1 Mark(s)

User-Based and Resource Based
Service-Based
Resource Based and Product Based
Product-Based and Service-Based

Which of the following services allows user to centrally manage commonly deployed IT services and meet compliance requirements? Which of the following services allows user to centrally manage commonly deployed IT services and meet compliance requirements?

1 Mark(s)

AWS Shield
Trusted Advisor
AWS Service Catalog
AWS Inspector

After creating a new IAM user, which of the following must be done before they can successfully make API calls? After creating a new IAM user, which of the following must be done before they can successfully make API calls?

1 Mark(s)

Assign a password policy to the user
Enable multi-factor authentication
Create a new set of access key and secret access key for the user
Assign the user to a group and assign necessary permissions to the group

AWS CLOUD - ALC - TEST 04 : Question 1 of 30