Practice Test
True or False: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
A. True
B. False
Answer: A. True
Explanation: IAM allows you to manage access to AWS services and resources securely. You can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Multiple select: Which of the following AWS services provide secure application access?
A. AWS IAM
B. AWS Cognito
C. AWS Compute Optimizer
D. AWS MACIE
Answer: A, B
Explanation: AWS IAM and Cognito are related to application access security. While IAM manages access to AWS services, Cognito provides simple and secure user sign-up, sign-in, and access control to web and mobile apps.
Single select: Which of the following is NOT a feature of AWS IAM?
A. Shared Access to Your AWS account
B. Granular Permissions
C. Centralized Control of AWS account
D. Unlimited scaling
Answer: D
Explanation: IAM does not provide unlimited scaling. It provides shared access, granular permissions, and centralized control to your AWS resources.
True or False: Amazon Cognito can directly integrate with on-premises Active Directory.
A. True
B. False
Answer: B. False
Explanation: Amazon Cognito does not directly integrate with on-premises Active Directory, it is used for user sign-up, sign-in, and access control to web and mobile apps.
Multiple select: In AWS IAM, which of the following are considered secure best practices?
A. Use IAM roles for applications that run on Amazon EC2 instances.
B. Grant everyone full access.
C. Rotate credentials regularly.
D. Use groups to assign permissions.
Answer: A, C, D
Explanation: Using IAM roles for EC2 instances, rotating credentials regularly, and assigning permissions via groups are best practices. Granting everyone full access is not a secure practice.
Single select: Which of the following provides serverless identity verification and user authentication?
A. Amazon Cognito
B. Amazon Connect
C. Amazon Redshift
D. Amazon EC2
Answer: A
Explanation: Amazon Cognito offers serverless identity verification and user authentication, making it easy for developers to add sign-up and sign-in functionality to their mobile and web applications.
True or False: It’s considered a secure practice to use root account credentials to access AWS resources.
A. True
B. False
Answer: B. False
Explanation: It is not considered a secure practice to use root account credentials to access AWS resources. Use of IAM users or roles is recommended.
Multiple select: Which of the following services would secure access to your AWS resources?
A. AWS Security Hub
B. AWS IAM
C. Amazon Inspector
D. Amazon Athena
Answer: A, B
Explanation: AWS Security Hub provides a comprehensive view of your security state in AWS and helps you detect security findings, while IAM is used to secure control access to AWS resources.
Single select: Which of the following Secure Token Service (STS) endpoints does not incur any costs with a signed request?
A. https://sts.amazonaws.com
B. https://sts.us-west-amazonaws.com
C. https://sts.local
D. All incur costs
Answer: A
Explanation: The global STS endpoint https://sts.amazonaws.com does not charge any fee when it receives a signed request.
True or False: A security group acts at the AWS account level.
A. True
B. False
Answer: B. False
Explanation: A security group operates at the instance level, not at the AWS account level.
Interview Questions
What is AWS Secure Token Service (STS) and how does it enable secure application access?
AWS Security Token Service (STS) is a web service that allows you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users. This service allows for secure application access by allowing an application to assume an IAM role for short-term access, limiting the exposure of security credentials and the possibility of credentials being compromised.
How does AWS Identity and Access Management (IAM) help in securing application access?
IAM is a feature of AWS that helps an account owner control who is authenticated (signed in) and authorized (has permissions) to use resources. It provides secure application access by controlling which users or applications can access which AWS resources and what actions they can perform on those resources.
What is a key mechanism for providing secure application access in AWS?
One of the key mechanisms for providing secure application access in AWS is IAM Roles. IAM Roles allow you to delegate permissions to AWS services or users without having to share AWS access keys, thus avoiding the need for long-term credentials.
What is Amazon Cognito and how it supports secure access?
Amazon Cognito is a service that offers an easy way to add user sign-in functionality to your applications. It manages user authentication and authorization processes, thus providing controlled secure access to your applications.
What is the importance of Multi-Factor Authentication (MFA) in AWS for securing application access?
MFA is an essential extra layer of protection for user identities. It adds a second step to the sign-in process and reduces the possibility of unauthorized access even if a user’s password gets compromised.
How does AWS Single Sign-On (SSO) enhance secure application access?
AWS SSO allows users to sign in to multiple AWS accounts and applications using a single set of credentials, managed centrally in AWS or any SAML-enabled identity source. This simplifies credentials management and increases the security of application access.
What tools does AWS provide to encrypt data and guarantee secure access to applications?
AWS provides tools like AWS KMS (Key Management Service) for creating and managing cryptographic keys and controlling their use across a wide range of AWS services and in your applications.
Which AWS service helps monitor and log events related to application access?
AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. By tracking user activity and API usage, CloudTrail helps detect unusual activity patterns and identify potential security issues.
What is AWS WAF and how it offers secure application access?
AWS WAF (Web Application Firewall) is a web firewall service that helps protect your applications from common web exploits like SQL injection and cross-site scripting (XSS). It blocks or allows traffic based on conditions defined in web access control lists (WebACLs).
What are security groups and how they can be used to secure application access in AWS?
Security groups act as a virtual firewall for your Amazon EC2 instances to control incoming and outgoing traffic. By configuring security group rules, you can ensure only legitimate users and applications have access to your AWS resources.
extutorials.com