AWS Certified Solutions Architect - Associate (SAA-C03)

Data access and governance

Practice Test

True or False: IAM roles can be used to delegate permissions to AWS services.

  • True
  • False

Answer: True

Explanation: IAM roles are a secure way to grant permissions to entities that you trust. These could be AWS services like EC2, or user applications.

In AWS, which of the following can be used to restrict access to data stored in S3?

  • A) IAM Policy
  • B) S3 Bucket Policy
  • C) Access Control List (ACL)
  • D) Service Control Policy

Answer: A) IAM Policy, B) S3 Bucket Policy and C) Access Control List (ACL)

Explanation: All three options can be used to restrict access to data in S IAM Policy is used to manage permissions and specify what actions are allowed or denied. S3 Bucket Policy is applied directly to an S3 bucket to control access while ACLs provide an additional layer of control over buckets and objects.

True or False: CloudTrail logs can be used for governance, compliance, operational auditing, and risk auditing of your AWS account.

  • True
  • False

Answer: True

Explanation: CloudTrail captures detailed event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This can be used for governance, compliance, and auditing purposes.

In AWS, which service helps you to manage secrets?

  • A) AWS Secrets Manager
  • B) AWS Key Management Service
  • C) AWS Cryptographic services
  • D) AWS CloudHSM

Answer: A) AWS Secrets Manager

Explanation: AWS Secrets Manager helps you protect access to your IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Which AWS service helps you to classify, secure, and monitor sensitive data?

  • A) Macie
  • B) Athena
  • C) Glue
  • D) Shield

Answer: A) Macie

Explanation: AWS Macie is a fully managed data privacy and security service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

True or False: You need to encrypt data at rest in AWS directly through the Amazon S3 console.

  • True
  • False

Answer: False

Explanation: While you can enable encryption on S3 directly, AWS also provides SDKs and APIs for common programming languages so you can manage encryption programmatically.

Multiple Select: Which of the following are recommended for data governance in AWS?

  • A) Implement Access Controls
  • B) Audit actions
  • C) Encrypt sensitive data
  • D) Share AWS account credentials with all team members

Answer: A) Implement Access Controls, B) Audit actions and C) Encrypt sensitive data

Explanation: In data governance, it’s essential to control who has access to data, monitor actions on data, and encrypt sensitive data. Sharing AWS account credentials with all team members is not recommended.

Which AWS service is used to enforce compliance controls across your AWS accounts?

  • A) CloudWatch
  • B) Config
  • C) Shield
  • D) CloudTrail

Answer: B) Config

Explanation: AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

True or False: AWS recommends that you root your AWS account regularly.

  • True
  • False

Answer: False

Explanation: AWS recommends using IAM users for everyday interaction with AWS, instead of the root account. The root account should be used sparingly and protected with strong security measures.

Single Select: Which feature in AWS allows you to control who is authenticated (signed in) and authorized (have permissions) to use resources?

  • A) IAM
  • B) EC2
  • C) S3
  • D) DynamoDB

Answer: A) IAM

Explanation: AWS Identity and Access Management (IAM) controls who is authenticated and authorized to use resources, making it a key component of data access and governance.

Interview Questions

What is the AWS service that provides data governance and compliance solutions?

AWS features a service called AWS GovCloud (US) which assists customers with data-sensitive workloads and strict compliance and regulatory requirements.

Which AWS service should you use to track changes in AWS resources for governance, compliance, operational auditing, and risk auditing purposes?

AWS Config is used to track changes in AWS resources.

What is Amazon S3 used for in terms of data governance?

Amazon Simple Storage Service (S3) is used for backup, restore, and archive operations, and supports policy-based management for data governance.

How does AWS help ensure that access to data is suitably regulated?

AWS helps regulate data access through Identity and Access Management (IAM) service, which enables you to manage access to AWS services and resources securely.

What function does AWS Key Management Service (KMS) provide in relation to data governance?

AWS KMS provides encryption and key management service which is designed to help protect data across AWS services and your applications.

What AWS service allows users to manage secure access to AWS services and resources through policies?

The Amazon Web Services (AWS) Identity and Access Management (IAM) allows users to manage secure access to AWS services and resources through policies.

How can businesses ensure that their data is stored and handled in compliance with regional laws when employing AWS services?

With the AWS GovCloud (US), businesses have the ability to execute restricted data processing in an environment which adheres closely to specific U.S. regulatory standards, ensuring data is handled in compliance with regional laws.

Which AWS service assists in achieving continuous monitoring and operational auditing?

AWS CloudTrail assists in achieving continuous monitoring and operational auditing.

What does AWS Lambda allow developers to do in terms of data access and governance?

AWS Lambda allows developers to run code without provisioning or managing servers, facilitating the automatic execution of policies when certain changes occur to data access.

How does Amazon Macie protect sensitive data?

Amazon Macie uses machine learning to recognize sensitive data such as personally identifiable information (PII) and provides dashboards and alerts that give visibility into how data is being accessed or moved.

What role does AWS Shield play in data access and governance?

AWS Shield provides managed Distributed Denial of Service (DDoS) protection to safeguard applications and data from infrastructure layer DDoS attacks.

Can you restrict AWS resource permissions to only certain users using IAM?

Yes, AWS IAM lets you manage access to AWS services and resources by creating users and groups, and setting permissions to allow or deny their access to AWS resources.

What is the function of AWS Secrets Manager in the context of data governance?

AWS Secrets Manager protects access to applications, services, and IT resources without upfront long-term commitment. This eliminates the upfront and on-going expense and time to manage secrets and protect access to your applications and data.

How does AWS Certificate Manager (ACM) contribute to data governance?

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

What is AWS CloudHSM, and what is its purpose?

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys. It’s designed to help satisfy compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within a VPC.

Related Post

AWS Certified Solutions Architect - Associate (SAA-C03)

Multi-tier architectures

extutorials.com
AWS Certified Solutions Architect - Associate (SAA-C03)

Caching strategies and services (for example, Amazon ElastiCache)

extutorials.com
AWS Certified Solutions Architect - Associate (SAA-C03)

Storage access patterns

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)