Practice Test

True or False: Amazon Cognito can be used to add user sign-up and sign-in to your mobile and web apps.

Answer: True

Explanation: Amazon Cognito allows you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Which of these is not a use case of Amazon Cognito?

  • a. User Sign-Up and Sign-In
  • b. Managing user identities, including social and enterprise identity providers
  • c. Performing real-time threat detection and anomaly detection
  • d. Accessing resources securely after sign-in

Answer: c. Performing real-time threat detection and anomaly detection

Explanation: Amazon Cognito is used for managing user identities and secure access, not for threat detection.

What is the primary function of Amazon GuardDuty?

  • a. Access Management
  • b. Data Management
  • c. Threat Detection
  • d. Network Management

Answer: c. Threat Detection

Explanation: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior.

True or False: Amazon Macie is used to protect your AWS workloads against ransomware.

Answer: False

Explanation: Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data like Personally Identifiable Information (PII).

Which of these is not a function of Amazon GuardDuty?

  • a. Monitor for compromised instances
  • b. Protect data in transit
  • c. Detect reconnaissance by attackers
  • d. Manage user sign-up and sign-in

Answer: d. Manage user sign-up and sign-in

Explanation: GuardDuty is used for threat detection and protection, not for managing user sign-ins.

Multiple Select: Which of the following are features of Amazon Cognito?

  • a. User pool
  • b. Identity pool
  • c. Data pool
  • d. Storage pool

Answer: a. User pool, b. Identity pool

Explanation: Amazon Cognito consists of two components: User Pools, which handle user sign-up and sign-in, and Identity Pools, which grant users access to other AWS services.

True or False: You need to manually set up and maintain the infrastructure for Amazon Macie.

Answer: False

Explanation: Amazon Macie is a fully managed service; no customer-maintained infrastructure is required.

Which of these AWS services provides a unified view of the security posture of your AWS accounts?

  • a. Amazon Cognito
  • b. Amazon GuardDuty
  • c. Amazon Macie
  • d. AWS Security Hub

Answer: d. AWS Security Hub

Explanation: AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across your AWS accounts.

Amazon Macie uses what kind of technology to discover sensitive data such as PII?

  • a. Data deduplication
  • b. Machine learning
  • c. Cryptography
  • d. Parity checking

Answer: b. Machine learning

Explanation: Amazon Macie uses machine learning to automatically discover, classify, and protect sensitive data.

True or False: Amazon Cognito supports integration with social identity providers such as Facebook, Google, and Amazon.

Answer: True

Explanation: Amazon Cognito allows integration with social identity providers, including Facebook, Google, and Amazon, as well as enterprise identity providers via SAML.

Amazon GuardDuty analyzes which of the following for threats?

  • a. VPC Flow Logs
  • b. DNS logs
  • c. CloudTrail event logs
  • d. All of the above

Answer: d. All of the above

Explanation: Amazon GuardDuty analyzes VPC Flow Logs, DNS logs, and CloudTrail event logs to identify threats.

Amazon Macie is most commonly used for which of the following?

  • a. Securing RDS databases
  • b. Protecting EC2 instances
  • c. Discovering and protecting sensitive data across S3 resources
  • d. Managing user permissions

Answer: c. Discovering and protecting sensitive data across S3 resources

Explanation: Amazon Macie is primarily used to identify and protect sensitive data within Amazon S

In Amazon Cognito, which of these is used to grant users permissions to access AWS services?

  • a. User pool
  • b. Identity pool
  • c. Data pool
  • d. Resource pool

Answer: b. Identity pool

Explanation: An Identity pool (federated identities) in Amazon Cognito is used to grant users the permissions they need to access other AWS services.

True or False: Amazon GuardDuty is a regional-based service, meaning findings are restricted to the region they were found in.

Answer: True

Explanation: Amazon GuardDuty is a regional service, so it generates findings only within the region that the resource resides in.

Which service would you use if you wanted to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily?

  • a. AWS CloudTrail
  • b. Amazon Macie
  • c. Amazon GuardDuty
  • d. Amazon Cognito

Answer: d. Amazon Cognito

Explanation: Amazon Cognito is primarily used for managing user identities and secure access, allowing for easy sign-up, sign-in, and access control in web and mobile apps.

Interview Questions

What is Amazon Cognito and what is its primary use case?

Amazon Cognito is a service that helps you manage user identities for your applications across multiple devices. The primary use case is for adding sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

How can Amazon GuardDuty be used within a business context?

Amazon GuardDuty is a threat detection service that uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. A typical use case is monitoring the organization’s AWS accounts and workloads and protecting them from possible threats.

What is the primary purpose of Amazon Macie?

Amazon Macie is an AI-powered security service that helps protect sensitive data in AWS. It automatically discovers, classifies, and protects sensitive data such as Personally Identifiable Information (PII).

How can Amazon Cognito increase the security of mobile apps?

Amazon Cognito provides several security features for mobile apps. It allows you to authenticate users through social identity providers such as Facebook, Google, and Amazon. It also supports guest access and has built-in security for handling password storage and encryption.

Can Amazon GuardDuty detect threats across all AWS accounts within a business?

Yes, GuardDuty can analyze AWS CloudTrail event logs, Amazon VPC Flow Logs and DNS logs to detect unexpected and potentially unauthorized and malicious activity across your AWS accounts.

Could you mention a use case where Amazon Macie can be used?

A typical use case for Amazon Macie is to discover and protect sensitive data like PII in S3 buckets. It uses machine learning to recognize sensitive data such as names or credit card numbers, and provides dashboards and alerts that give visibility into how this data is being accessed or moved.

How does Amazon Cognito help manage user data for websites?

Amazon Cognito keeps user data in sync across all devices and platforms. Users can log in with the same identity, and Cognito enables the application to save user-related data locally on the device, where it is synchronized with the cloud.

How does Amazon GuardDuty protect an AWS infrastructure from threats?

Amazon GuardDuty continuously monitors for malicious or unauthorized behavior that could indicate a security threat to your AWS infrastructure. When a potential threat is detected, GuardDuty sends a detailed security alert to the GuardDuty console and AWS CloudWatch Events.

How does Amazon Macie help to maintain compliance for data?

Amazon Macie provides governance and compliance management features. It automates the process of discovering and classifying data, and provides dashboards and alerts that help to monitor and rectify any compliance violations.

Can Amazon Cognito work with external identity providers?

Yes. Amazon Cognito integrates with external identity providers via SAML or OIDC, providing a secure and scalable solution that supports a large number of users and a variety of sign-in options.

Does GuardDuty require any changes to the existing AWS applications or workloads?

No. GuardDuty is a threat-detection service that doesn’t require any changes to existing AWS applications or workloads. All threat detection is managed and applied at the AWS layer, meaning there’s no risk or impact to performance.

What type of data does Amazon Macie classify?

Amazon Macie can classify a wide range of data, including personally identifiable information (PII), financial information, API keys or secret key material and proprietary intellectual property.
