Security – Part A
Simulator Summary
0 of 50 Questions completed
Questions:
Information
You have already completed the simulator before. Hence you can not start it again.
Simulator is loading…
You must sign in or sign up to start the simulator.
You must first complete the following:
Results
Results
0 of 50 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 50
1. Question
Which of the following is true regarding Amazon RDS encryption?
CorrectIncorrect -
Question 2 of 50
2. Question
Which of the following is a feature of Amazon S3 server-side encryption?
Correct Answer: B It encrypts data at rest with AES-256 encryption.
Explanation:Amazon S3 server-side encryption uses AES-256 encryption to encrypt data at rest. It does not use client-side encryption with AWS KMS-managed keys, nor does it encrypt data in transit using SSL/TLS. Although it is possible to use a user-defined encryption key, it is not a feature of Amazon S3 server-side encryption.
Option A is incorrect because Amazon S3 server-side encryption does not use client-side encryption with AWS KMS-managed keys.
Option C is incorrect because Amazon S3 server-side encryption does not encrypt data in transit using SSL/TLS.
Option D is incorrect because while it is possible to use a user-defined encryption key, it is not a feature of Amazon S3 server-side encryption.CorrectIncorrect -
Question 3 of 50
3. Question
A data scientist wants to use AWS CloudHSM to generate random numbers for cryptographic operations. Which of the following CloudHSM features should they use?
CorrectIncorrect -
Question 4 of 50
4. Question
A data analyst wants to use AWS CloudHSM to store their encryption keys. Which of the following CloudHSM features should they use?
CorrectIncorrect -
Question 5 of 50
5. Question
A data scientist wants to encrypt data on an EC2 instance using AWS KMS. Which of the following AWS KMS features should they use?
CorrectIncorrect -
Question 6 of 50
6. Question
A data analyst wants to use AWS KMS to protect their data at rest on Amazon S3. Which of the following AWS KMS features should they use?
CorrectIncorrect -
Question 7 of 50
7. Question
A data scientist is working on a project that requires the use of client-side encryption with a high level of security. Which of the following encryption approaches will best suit their needs?
CorrectIncorrect -
Question 8 of 50
8. Question
A data analyst is working on a project that requires the use of client-side encryption. Which of the following encryption approaches will best suit their needs?
CorrectIncorrect -
Question 9 of 50
9. Question
A data analyst needs to encrypt data stored in an Amazon EBS volume and is considering using server-side encryption with Amazon-managed keys (SSE-S3). Which of the following statements is true regarding SSE-S3?
CorrectIncorrect -
Question 10 of 50
10. Question
A data analyst needs to encrypt data stored in an Amazon S3 bucket and is considering using server-side encryption with AWS KMS-managed keys (SSE-KMS). Which of the following statements is true regarding SSE-KMS?
CorrectIncorrect -
Question 11 of 50
11. Question
A data analyst is working with a large dataset that contains sensitive customer data, and needs to mask some of the data fields to protect customer privacy. Which AWS service can the analyst use to meet this requirement?
CorrectIncorrect -
Question 12 of 50
12. Question
A data analyst is working with sensitive customer data and needs to determine the encryption requirements for storing the data in an Amazon S3 bucket. The data should only be accessible by authorized users. Which AWS service can the analyst use to meet these requirements?
CorrectIncorrect -
Question 13 of 50
13. Question
A data analyst needs to implement role-based access control for an Amazon Redshift cluster. Which of the following mechanisms should the analyst use to control access to the cluster?
CorrectIncorrect -
Question 14 of 50
14. Question
A data analytics team wants to implement role-based access control for an Amazon S3 bucket. Which of the following mechanisms should the team use to control access to the bucket?
CorrectIncorrect -
Question 15 of 50
15. Question
A data analyst needs to control access to an Amazon RDS database instance. Which of the following mechanisms should the analyst use to control traffic to and from the instance?
CorrectIncorrect -
Question 16 of 50
16. Question
A data analyst needs to implement access control for a new Amazon EC2 instance. Which of the following mechanisms should the analyst use to control traffic to and from the instance?
CorrectIncorrect -
Question 17 of 50
17. Question
A data analyst needs to implement column-level permissions for a particular table in Amazon Athena. Which of the following authorization methods should the analyst use?
CorrectIncorrect -
Question 18 of 50
18. Question
A data analyst needs to implement table-level permissions for a particular database in Amazon Redshift. Which of the following authorization methods should the analyst use?
CorrectIncorrect -
Question 19 of 50
19. Question
Which AWS service can be used to manage access to Amazon Redshift clusters?
CorrectIncorrect -
Question 20 of 50
20. Question
Which of the following statements is true about Access Control Lists (ACLs) in Amazon S3?
CorrectIncorrect -
Question 21 of 50
21. Question
Which of the following AWS services allows you to use tags to control access to resources?
CorrectIncorrect -
Question 22 of 50
22. Question
Which of the following AWS services allows you to create policies that define who can access which resources within an AWS account?
CorrectIncorrect -
Question 23 of 50
23. Question
Which of the following authentication methods can be used to grant temporary access to AWS resources?
CorrectIncorrect -
Question 24 of 50
24. Question
Which of the following authentication mechanisms can be used to provide secure access to an Amazon RDS instance?
CorrectIncorrect -
Question 25 of 50
25. Question
A data analytics team is using AWS Managed Microsoft AD for authentication of their AWS resources. Which of the following is an appropriate way to implement SSO for AWS resources using AWS Managed Microsoft AD?
CorrectIncorrect -
Question 26 of 50
26. Question
A data analytics team wants to implement Single Sign-On (SSO) for their AWS resources. Which of the following authentication methods is appropriate for implementing SSO?
CorrectIncorrect -
Question 27 of 50
27. Question
A data analytics team is implementing federated access for their AWS resources. They have decided to use OAuth 2.0 for this purpose. Which of the following is an appropriate authentication method for implementing federated access using OAuth 2.0?
CorrectIncorrect -
Question 28 of 50
28. Question
A data analytics team wants to enable federated access for their AWS resources. They have decided to use Security Assertion Markup Language (SAML) for this purpose. Which of the following is an appropriate authentication method for implementing federated access using SAML?
CorrectIncorrect -
Question 29 of 50
29. Question
Suppose a company wants to implement federated access for its AWS analytics environment. Which of the following is an appropriate authentication method for federated access?
A. AWS Identity and Access Management (IAM) user accounts
B. Web Identity Federation
C. AWS Single Sign-On (SSO)
D. Security Assertion Markup Language (SAML)Correct Answer: C. AWS Single Sign-On (SSO)
AWS Single Sign-On (SSO) is an appropriate authentication method for federated access, as it allows users to sign in to the AWS environment using their existing credentials from their corporate directory. This enables organizations to manage user access and permissions centrally, reducing the administrative burden on IT teams.
Option A is incorrect: IAM user accounts are not an appropriate authentication method for federated access, as they require users to have an AWS account and associated credentials.
Option B is incorrect: Web Identity Federation is used to allow users to access AWS resources using credentials from third-party identity providers like Google, Facebook, or Amazon. It is not used for federated access.
Option D is incorrect: Security Assertion Markup Language (SAML) is a protocol used for exchanging authentication and authorization data between parties. While it is used in federated access scenarios, it is not an authentication method itself.CorrectIncorrect -
Question 30 of 50
30. Question
A company wants to implement federated access for its AWS analytics environment, but it also wants to ensure that users are only able to access resources based on their roles and responsibilities within the organization. Which of the following mechanisms is an appropriate authorization method to meet this requirement?
CorrectIncorrect -
Question 31 of 50
31. Question
You are designing a data analytics solution on AWS for a company with multiple business units. The company wants to implement a single sign-on (SSO) solution for its employees to access the analytics solution. Which AWS service provides a managed SSO solution for AWS accounts and cloud applications?
CorrectIncorrect -
Question 32 of 50
32. Question
Your company has a data analytics solution on AWS that uses multiple AWS services. You want to implement single sign-on (SSO) for your employees to access the solution. Which of the following is a common SSO standard that you can use to implement SSO for your AWS solution?
CorrectIncorrect -
Question 33 of 50
33. Question
Which of the following is the most appropriate method to implement authentication for an Amazon S3 bucket?
CorrectIncorrect -
Question 34 of 50
34. Question
Which of the following is the most appropriate method to implement authentication for an Amazon RDS instance?
CorrectIncorrect -
Question 35 of 50
35. Question
Which of the following is the most appropriate method to implement authorization for an Amazon S3 bucket?
CorrectIncorrect -
Question 36 of 50
36. Question
Which of the following is the most appropriate method to implement authorization for an Amazon EC2 instance?
CorrectIncorrect -
Question 37 of 50
37. Question
Which of the following is an appropriate method to implement Access Control Lists (ACL) in AWS?
CorrectIncorrect -
Question 38 of 50
38. Question
Which of the following AWS services can be used to implement Access Control Lists (ACL) for controlling access to S3 buckets?
CorrectIncorrect -
Question 39 of 50
39. Question
Which AWS service allows you to implement table/column level permissions for your data in Amazon S3?
CorrectIncorrect -
Question 40 of 50
40. Question
Which AWS service provides an SQL-based interface to grant or deny access to specific tables or columns in Amazon Aurora or Amazon Redshift?
CorrectIncorrect -
Question 41 of 50
41. Question
Which AWS service allows you to implement access control mechanisms at the network level, such as security groups, to control traffic to and from your Amazon EC2 instances?
CorrectIncorrect -
Question 42 of 50
42. Question
Which of the following statements accurately describes AWS security groups?
CorrectIncorrect -
Question 43 of 50
43. Question
Which AWS service allows you to implement role-based access control mechanisms to control access to your AWS resources?
CorrectIncorrect -
Question 44 of 50
44. Question
Which of the following statements accurately describes role-based access control?
CorrectIncorrect -
Question 45 of 50
45. Question
Which of the following data types require encryption in transit and at rest for compliance with data protection regulations?
CorrectIncorrect -
Question 46 of 50
46. Question
Which of the following techniques should be used to mask data in a development environment that contains personally identifiable information (PII)?
CorrectIncorrect -
Question 47 of 50
47. Question
Which of the following is an example of server-side encryption for data at rest in an AWS environment?
CorrectIncorrect -
Question 48 of 50
48. Question
Which of the following AWS services provides automatic server-side encryption for data at rest by default?
CorrectIncorrect -
Question 49 of 50
49. Question
What is an example of a client-side encryption approach in an AWS environment?
CorrectIncorrect -
Question 50 of 50
50. Question
Which of the following AWS services supports client-side encryption by default for data stored in it?
CorrectIncorrect