Practice Test
True or False: It is recommended to store sensitive application configuration information, such as database passwords, in plain text within the code.
- Answer: False
Explanation: Storing sensitive data in plain text within the code exposes the application to security vulnerabilities if the codebase is exposed or compromised. It is therefore not recommended, and a secure store such as AWS Secrets Manager should be used instead.
Which AWS service can be used to save database credentials securely?
- A) AWS S3
- B) AWS IAM
- C) AWS Secrets Manager
- D) AWS EC2
Answer: C) AWS Secrets Manager
Explanation: AWS Secrets Manager allows secure storage and retrieval of credentials, API keys, and other secrets, making it ideal for database credential storage.
In an AWS CloudFormation template, which logical ID links to the resource where you want to store credentials?
- A) AWSCredentials
- B) AWS::SecretsManager::Secret
- C) AWS::IAM::AccessKey
- D) AWS::DynamoDB::Table
Answer: B) AWS::SecretsManager::Secret
Explanation: The AWS::SecretsManager::Secret resource type creates a secret and stores it in Secrets Manager.
True or False: AWS IAM Access Keys should be shared with team members on an as-needed basis.
- Answer: False
Explanation: Sharing AWS IAM Access Keys with team members is not a valid practice as it may lead to unauthorized access to resources. Each team member should have their own access keys.
Where should HTTP sessions be stored in a distributed system for the best security?
- A) In a database on the application server
- B) On the client’s browser cookies
- C) In a distributed caching system
- D) Within the application’s source code
Answer: C) In a distributed caching system
Explanation: Storing HTTP sessions in a distributed cache increases the security and scalability of the application while reducing the dependence on the stability of individual servers.
True or False: It’s acceptable to use root account credentials regularly for day-to-day interactions with AWS.
- Answer: False
Explanation: It is generally not suggested to use root account credentials regularly due to their vast permissions. We should create IAM users with only necessary permissions for regular use.
Which AWS service allows you to decouple applications and components by providing a buffer between the component producing and saving data and the component receiving the data?
- A) AWS SQS
- B) AWS SNS
- C) AWS RDS
- D) AWS EC2
Answer: A) AWS SQS
Explanation: AWS SQS enables you to move data between distributed application components and helps to build a more responsive and scalable system.
Which AWS service would you use to manage keys and perform cryptographic operations?
- A) AWS KMS
- B) AWS S3
- C) AWS EC2
- D) AWS VPC
Answer: A) AWS KMS
Explanation: AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services.
True or False: Multi-factor authentication (MFA) can enhance account security in AWS.
- Answer: True
Explanation: Multi-Factor Authentication (MFA) provides extra security because it requires users to authenticate through more than one mechanism before granting access to AWS resources.
Which AWS service allows you to centrally manage users and their privileges?
- A) AWS Lambda
- B) AWS IAM
- C) AWS S3
- D) AWS RDS
Answer: B) AWS IAM
Explanation: AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
Interview Questions
What is the AWS Identity and Access Management (IAM) service?
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
What is AWS Key Management Service (KMS)?
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
Can you manage a third-party application configuration in AWS?
Yes, you can manage third-party application configuration using AWS Systems Manager Parameter Store.
What is AWS Secrets Manager?
AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. It enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
What is AWS Systems Manager Parameter Store?
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
Why do we use AWS IAM roles?
AWS IAM roles are used to delegate permissions that determine who is trusted to assume the role. Roles do not have long-term credentials such as passwords or access keys associated with them, making them more secure for delegation and less likely to be exploited by unauthorized users.
How can you improve the security of your AWS account?
You can use multi-factor authentication (MFA), create individual IAM users, apply IAM policies, regularly rotate your access keys, and monitor activity in your AWS account using AWS CloudTrail and Amazon CloudWatch.
What happens when you delete an AWS KMS customer master key (CMK)?
When you schedule an AWS KMS CMK for deletion, it is first disabled and cannot be used for cryptographic operations. It is deleted after the waiting period (default 30 days). You cannot cancel the deletion process after it has begun.
What is the recommended method for managing database credentials on AWS?
It is recommended to use AWS Secrets Manager to handle database credentials as it automatically rotates, manages, and retrieves database credentials, API keys, and other secrets throughout their lifecycle.
How can an application on an Amazon EC2 instance securely access AWS services?
An application on Amazon EC2 can securely access AWS services by using IAM Roles for EC2 instances. The roles provide temporary permissions that applications can use when they make calls to other AWS resources.
What does AWS KMS use to encrypt and decrypt data?
AWS Key Management Service (KMS) uses managed cryptographic keys, also known as Customer Master Keys (CMKs), to encrypt and decrypt data.
How can one determine which actions an IAM policy allows or denies?
You can use the IAM policy simulator to test and validate the actions a policy allows or denies.
How can you grant a user permission to access a resource in AWS?
In AWS, you can grant a user permission to access a resource by attaching an IAM policy to the user that allows access to the specific resource.
What is the primary principle of security in AWS?
The primary principle of security in AWS is the shared responsibility model, where security and compliance is a responsibility shared by AWS and the customer.
Can you store sensitive configuration data such as passwords in AWS Systems Manager Parameter Store?
Yes, AWS Systems Manager Parameter Store supports public and private hierarchies and versioning of parameter values, which makes it possible to store configuration data and secrets in a structured and secure manner.