Practice Test

True or False: Amazon Macie is used for monitoring applications and resources in real-time.

  • True
  • False

Answer: False

Explanation: Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data.

Multiple Select: Which of the following are uses of AWS CloudTrail?

  • a) Track user activity and API usage
  • b) Monitor the health of AWS resources
  • c) Store logs for future analysis
  • d) Automatically classify data

Answer: a, c.

Explanation: AWS CloudTrail is used to track user activity and API usage across AWS infrastructure, and can store the event history for future analysis. It doesn’t classify data or monitor the health of AWS resources.

Single Select: Which AWS service is used to monitor applications, collect and track metrics, collect and monitor log files, and respond to system-wide performance changes?

  • a) AWS CloudTrail
  • b) Amazon CloudWatch
  • c) Amazon Macie
  • d) AWS Athena

Answer: b) Amazon CloudWatch.

Explanation: Amazon CloudWatch is used to collect and track metrics, collect and monitor log files, and respond to system-wide performance changes.

True or False: AWS CloudTrail supports data event logging for AWS Lambda functions.

  • True
  • False

Answer: True.

Explanation: AWS CloudTrail does indeed support data event logging for AWS Lambda functions.

Single Select: What is the primary function of Amazon Macie?

  • a) Data Classification
  • b) Log Monitoring
  • c) Network Traffic Analysis
  • d) Inventory Management

Answer: a) Data Classification.

Explanation: Amazon Macie is primarily used for data classification. It uses machine learning to automatically discover, classify, and protect sensitive data.

True or False: Amazon CloudWatch can be used to track and store AWS API calls for auditing purposes.

  • True
  • False

Answer: False.

Explanation: This is a function of AWS CloudTrail, not CloudWatch, which focuses more on performance monitoring.

Multiple Select: What types of data can Amazon Macie identify and classify?

  • a) Personally identifiable information (PII)
  • b) Intellectual property
  • c) Financial data
  • d) Usage patterns

Answer: a, b, c.

Explanation: Amazon Macie can automatically identify and classify sensitive data such as PII, intellectual property (IP), and financial data.

Single Select: Which AWS service allows the effective auditing of activity within your AWS environment?

  • a) Amazon S3
  • b) Amazon CloudWatch
  • c) AWS CloudTrail
  • d) Amazon RDS

Answer: c) AWS CloudTrail.

Explanation: AWS CloudTrail tracks all user activity, making it a great tool for auditing purposes.

True or False: It’s possible to integrate Amazon Macie with AWS CloudTrail for enhanced security data analysis.

  • True
  • False

Answer: True.

Explanation: Indeed, Amazon Macie can be integrated with AWS CloudTrail to enhance the identification of potential security and privacy risks, as well as patterns of risky activity.

Multiple Select: Which of the following AWS services use machine learning algorithms for their operations?

  • a) Amazon CloudWatch
  • b) AWS CloudTrail
  • c) Amazon Macie
  • d) Amazon S3

Answer: c) Amazon Macie.

Explanation: Amazon Macie is the only one among these options that uses machine learning to automatically discover, classify, and protect sensitive data.

Interview Questions

What is the primary function of Amazon Macie?

Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data like Personally Identifiable Information (PII).

How does AWS CloudTrail aid in governance, compliance, operational auditing and risk auditing of your AWS account?

AWS CloudTrail logs, continuously monitors, and retains activity related to actions across your AWS infrastructure, making it easier for you to meet compliance standards and maintain security.

What can be done using Amazon CloudWatch?

CloudWatch is used to collect and track metrics, collect and monitor log files, and set alarms. It provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources.

What data types can Amazon Macie identify and protect?

Amazon Macie can identify and protect a range of sensitive data types, including personally identifiable information (PII), financial data, intellectual property, and AWS credentials.

Can AWS CloudTrail track API calls?

Yes, AWS CloudTrail can track API calls made on your account and delivers log files to your specified S3 bucket.

What are the two main types of CloudWatch metrics?

CloudWatch provides two types of metrics: system-wide visibility into resource utilization, application performance, and operational health (Basic Metrics) and detailed monitoring for select EC2 instances and EBS volumes (Detailed Metrics).

How does Amazon Macie help to increase the protection of data stored in Amazon S3?

Amazon Macie uses machine learning to recognise and protect sensitive data such as Personally Identifiable Information (PII). It continually checks data access activity for anomalies and generates detailed alerts if it identifies a risk.

How long does AWS CloudTrail keep event history for an AWS account?

AWS CloudTrail retains the event history (recorded API activity) for your AWS account for 90 days.

Is it possible to share Amazon CloudWatch data and alarms with other AWS accounts?

Yes, you can share Amazon CloudWatch dashboards with AWS accounts, IAM users, and also with users who sign in from an active directory.

Can Amazon Macie be integrated with any other AWS services?

Yes, Amazon Macie can be integrated with AWS services such as Amazon CloudWatch and AWS CloudTrail to extend its capabilities to monitor, log, and retain API activity and security events.

What three types of objects does AWS CloudTrail record?

AWS CloudTrail logs management events, data events, and insights events.

What are the main components of Amazon CloudWatch?

The main components of Amazon CloudWatch are Metrics, Alarms, Dashboards, Events, and Logs.

Can we encrypt the data that Amazon Macie classifies?

Yes, Amazon Macie can automatically encrypt the data that it classifies through AWS Key Management Service.

How can we view the events recorded by AWS CloudTrail?

The events recorded by AWS CloudTrail can be viewed through the AWS Management Console, AWS CLI, or via CloudTrail API.

Which default metrics are provided by Amazon CloudWatch for Amazon EC2 instances?

The default metrics provided by Amazon CloudWatch for Amazon EC2 instances include CPU utilization, Disk Reads and Writes, Network Packets In and Out, and Status Check Failed.
