Practice Test

True/False: AWS Secrets Manager allows you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

  • True
  • False

Answer: True

Explanation: AWS Secrets Manager protects access to applications, services, and IT resources. This eliminates upfront and ongoing investment in maintaining your own infrastructure for managing secrets.

Which AWS service allows you to automate response to system events such as deployments or upgrades?

  • a) AWS Secrets Manager
  • b) AWS Systems Manager
  • c) AWS CloudWatch
  • d) AWS CodeDeploy

Answer: b) AWS Systems Manager

Explanation: AWS Systems Manager gives you visibility and control of your infrastructure. It’s not just about secret management, it allows you to understand and control the state of your AWS resources.

True/False: AWS Secrets Manager automatically replaces all the secrets in your applications with new secrets as often as you’d like.

  • True
  • False

Answer: False

Explanation: AWS Secrets Manager does not automatically replace secrets. It can rotate credentials but the actual update in your applications should be managed by the application owners.

In ______________, you can control access to AWS services and resources securely.

  • a) AWS Secrets Manager
  • b) AWS Systems Manager
  • c) IAM Policy
  • d) CloudWatch

Answer: c) IAM Policy

Explanation: IAM Policy is a document that formally states one or more permissions to secure resources by AWS services.

True/False: IAM policy is a JSON document in which you specify the permissions you want to grant to a user.

  • True
  • False

Answer: True

Explanation: IAM policy is a simple JSON document where you explicitly define the permissions.

True/False: It is recommended to store AWS credentials in code.

  • True
  • False

Answer: False

Explanation: This is against AWS best practices. Accidental exposure can compromise your resources.

Multiple Choice: Which of the following options are benefits of AWS Secrets Manager?

  • a) Automated secret rotation
  • b) Cost-effective
  • c) Easy integration with other AWS services
  • d) All of the above

Answer: d) All of the above

Explanation: AWS Secrets Manager provides all of these benefits and more, providing a convenient and secure solution for managing secrets.

IAM roles are a secure way to grant permissions to entities that you trust. Which of the following entities can assume a role?

  • a) An AWS service
  • b) An external user
  • c) Both A and B
  • d) Neither A nor B

Answer: c) Both A and B

Explanation: IAM roles allow both AWS services and external users to assume roles with the necessary permissions.

AWS Secrets Manager encrypts secrets at rest using which of the following?

  • a) KMS-Managed keys
  • b) SSL
  • c) SSH
  • d) AES

Answer: a) KMS-Managed keys

Explanation: AWS Secrets Manager uses KMS-Managed keys to encrypt secrets at rest.

True/False: AWS Systems Manager helps you to maintain security and compliance by scanning your instances against your desired configurations.

  • True
  • False

Answer: True

Explanation: AWS Systems Manager enables you to scan your instances for any deviation in configuration from what is desired, maintaining both security and compliance.

Which AWS Service is a single place to manage keys and cryptographic material for use across AWS services and your applications?

  • a) AWS Key Manager
  • b) AWS Brewer
  • c) AWS KMS (Key Management Service)
  • d) AWS Certificate Manager

Answer: c) AWS KMS (Key Management Service)

Explanation: AWS KMS combines secure, scalable encryption and key management services to help protect your data you store in AWS.

True/False: You cannot reuse existing IAM role policies for creating new roles.

  • True
  • False

Answer: False

Explanation: IAM enables you to reuse existing role policies for creating new roles, making management and control of permissions scalable.

True/False: AWS Systems Manager Agent (SSM Agent) is Amazon software than can be installed on EC2 instances, and it allows you to remotely manage these instances.

  • True
  • False

Answer: True

Explanation: SSM Agent is installed by default on instances created from Amazon Linux AMIs, but it can also be installed on any EC2 instance running Windows Server or various distributions of the Linux OS.

Which of the following statements about AWS password policy is incorrect?

  • a) It can enforce password complexity rules.
  • b) It allows all IAM users to change their own passwords.
  • c) It prevents IAM users from reusing previous passwords.
  • d) It cannot enforce automatic password expiration.

Answer: d) It cannot enforce automatic password expiration.

Explanation: AWS IAM enables you to specify a password policy with complexity requirements and mandatory rotation periods.

AWS Secrets Manager uses which AWS service to encrypt secrets before storing them?

  • a) AWS S3
  • b) AWS KMS
  • c) AWS Certificate Manager
  • d) AWS EC2

Answer: b) AWS KMS

Explanation: AWS Secrets Manager encrypts the protected text of a secret by using AWS Key Management Service (AWS KMS).

Interview Questions

What is the purpose of AWS Access Keys?

AWS Access Keys are used to securely access AWS resources programmatically, for instance, via the AWS CLI or SDKs.

Describe the two components of AWS Access Keys.

AWS Access Keys consists of two parts: an Access Key ID, which is used to identify the user, and a Secret Access Key, which is used to encrypt and decrypt AWS API requests.

What is AWS Secrets Manager?

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. It enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Can you store raw text, binary data, JSON, or even key-value pairs in AWS Secrets Manager?

Yes, you can store all these types of data in AWS Secrets Manager.

What is AWS Systems Manager?

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Its services are designed to help you automate management tasks, apply operational best practices, and promote a secure and compliant environment.

How can you rotate secrets stored in AWS Secrets Manager?

AWS Secrets Manager offers secret rotation functionality. You can even set up automatic rotating of secrets without implementing additional code.

How are secrets stored in AWS Secrets Manager protected?

Secrets stored in AWS Secrets Manager are protected through encryption. The service uses AWS Key Management Service (KMS) for encryption and decryption of secrets.

What is AWS password policy?

AWS password policy is a set of rules defined to enhance security by encouraging users to employ strong passwords and use them properly. It can enforce requirements such as password length, requiring special characters, and mandatory resets after a certain period.

Can you control the permissions of an AWS Access Key?

Yes. The permissions of an AWS Access Key are tied to the user to whom they belong. By modifying user permissions or using policy conditions for access, you can control the access level of the keys.

What happens when an AWS Access Key is deactivated?

When an AWS Access Key is deactivated, it remains associated with the user but cannot be used to make requests to AWS.

Can you have active on-demand secret rotation with AWS Secrets Manager without any application changes?

Yes, you can. AWS Secrets Manager’s secret rotation feature lets you define a rotation schedule, which can be on a daily, monthly, or custom schedule.

How can you use AWS Systems Manager to improve security?

AWS Systems Manager enables you to apply operational best practices, automate system updates, monitor system performance, and view detailed system inventories, which improve security by ensuring that your systems are always up-to-date and configured properly.

What happens if you lose the Secret Access Key component of your AWS Access Key?

If you lose the Secret Access Key you cannot retrieve it. However, you can create a new set of access keys at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *