Practice Test

True or False: AWS Security Hub provides a centralized view of your high-priority security alerts and compliance status.

  • True
  • False

Answer: True

Explanation: AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.

True or False: Amazon GuardDuty is an AWS machine learning service that helps discover applications and services in your environment.

  • True
  • False

Answer: False

Explanation: Amazon GuardDuty is a threat detection service that continuously monitors for malicious and unauthorized behavior to protect your AWS accounts and workloads.

Which of these AWS services gives you visibility into resource configuration changes?

  • A. AWS Security Hub
  • B. Amazon GuardDuty
  • C. AWS Config
  • D. Amazon Inspector

Answer: C. AWS Config

Explanation: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Which of these AWS services assesses applications for vulnerabilities or deviations from best practices, including impact and suggestions for improvements?

  • A. AWS Security Hub
  • B. Amazon GuardDuty
  • C. AWS Config
  • D. Amazon Inspector

Answer: D. Amazon Inspector

Explanation: Amazon Inspector is a security vulnerability assessment service that helps improve the security and compliance of applications deployed on AWS.

True or False: AWS Config provides an aggregated view of the audit findings from AWS Security Hub across all of your AWS Accounts.

  • True
  • False

Answer: False

Explanation: AWS Config is used for assessing, auditing, and evaluating configurations of your AWS resources, not for aggregating audit findings from AWS Security Hub.

Can Amazon GuardDuty be used to protect both your AWS accounts and workloads from threats?

  • A. Yes
  • B. No

Answer: A. Yes

Explanation: Amazon GuardDuty continuously monitors for malicious and unauthorized behavior to protect your AWS accounts and workloads.

True or False: AWS Config supports recording of software configuration within EC2 instances.

  • True
  • False

Answer: True

Explanation: Yes, through the AWS Config managed rule “ec2-instance-managed-by-ssm”, it can support recording of EC2 instance software configurations.

Which AWS service can automatically assess applications for vulnerabilities?

  • A. Amazon GuardDuty
  • B. AWS Security Hub
  • C. AWS Config
  • D. Amazon Inspector

Answer: D. Amazon Inspector

Explanation: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

True or False: If an unexpected behavior is detected in your AWS environment, Amazon GuardDuty can auto-remediate the issue.

  • True
  • False

Answer: False

Explanation: Amazon GuardDuty can detect malicious or unauthorized behavior and provides detailed results, but doesn’t auto-heal or auto-remediate issues.

Can AWS Config be used to track changes in the configuration of AWS resources?

  • A. Yes
  • B. No

Answer: A. Yes

Explanation: AWS Config provides a detailed view of the resource configuration history, which allows tracking changes.

Interview Questions

What is AWS Security Hub?

AWS Security Hub provides a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. It aggregates, organizes, and prioritizes findings from AWS services such as Amazon Inspector, Amazon GuardDuty, and AWS Config.

What kind of information does an Amazon GuardDuty finding include?

Amazon GuardDuty findings include the account ID in which the finding was generated, a unique identifier for the finding, the region, whether the finding is new or existing, and its severity level.

Can AWS Config record all API calls for an account?

No, AWS Config does not record all API calls for an account. AWS Config captures changes made to supported resources but does not log every single API interaction with AWS services.

What does Amazon Inspector do?

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It assesses applications for vulnerabilities or deviations from best practices.

How does AWS Security Hub represent its findings?

AWS Security Hub uses the standard AWS Security Finding Format (ASFF) to represent its findings. The ASFF provides a single, consistent format for findings data coming into Security Hub.

Can you manually stop AWS Config from recording resource configurations?

Yes, you can choose to stop recording if you do not want AWS Config to record your resource configurations.

What threat insight can Amazon GuardDuty provide?

Amazon GuardDuty can provide threat insights based on machine learning and anomaly detection, such as unusual API calls or potentially unauthorized deployments.

What is an example of an AWS Config rule?

An AWS Config rule could, for example, check whether your Amazon S3 buckets are public or not. If the rule detects a non-compliant resource, AWS Config flags it.

How does Amazon Inspector help with compliance?

Amazon Inspector can automate your compliance auditing process by continuously scanning the systems for security vulnerabilities and deviations from predefined best practices, which helps maintain compliance with industry standards.

Does AWS Security Hub automatically remediate findings it detects?

No, AWS Security Hub does not automatically remediate findings. However, it can be used in tandem with automation workflows – such as those based on AWS Step Functions – to automatically address certain kinds of findings.

What is the main purpose of AWS Config’s configuration timeline?

The configuration timeline is a historical timeline view of changes that have occurred to the resource configurations. It aids in troubleshooting, security analysis, and change management.

Can Amazon GuardDuty analyze data across all AWS accounts within an organization?

Yes, Amazon GuardDuty can analyze data from multiple AWS accounts and consolidate findings into a single AWS account.

Can AWS Security Hub be integrated with third-party tools?

Yes, AWS Security Hub can be integrated with a broad array of third-party tools such as SIEM platforms, ticketing systems, or incident management systems to ingest findings.

What is the relationship between AWS Config and AWS CloudTrail?

AWS CloudTrail logs API activity in an AWS account while AWS Config captures changes to resource configurations. Together, they provide comprehensive auditing capabilities for a broad range of compliance scenarios.

What are the benefits of integrating AWS Security Hub with Amazon Inspector?

By integrating AWS Security Hub with Amazon Inspector, organizations can better understand, manage, and reduce their security risks by utilizing Security Hub’s aggregation, organization and prioritization capabilities complemented by Amazon Inspector’s automated security assessments.
