Security - Part A - ExamsDigest Training

Which of the following is true regarding Amazon RDS encryption?

Encryption is always enabled by default.
Encryption is available only for specific database engines.
Encryption can be enabled or disabled at any time.
Encryption is performed using a user-defined encryption key.

Which of the following is a feature of Amazon S3 server-side encryption?

Correct Answer: B It encrypts data at rest with AES-256 encryption.

Explanation:Amazon S3 server-side encryption uses AES-256 encryption to encrypt data at rest. It does not use client-side encryption with AWS KMS-managed keys, nor does it encrypt data in transit using SSL/TLS. Although it is possible to use a user-defined encryption key, it is not a feature of Amazon S3 server-side encryption.

Option A is incorrect because Amazon S3 server-side encryption does not use client-side encryption with AWS KMS-managed keys.
Option C is incorrect because Amazon S3 server-side encryption does not encrypt data in transit using SSL/TLS.
Option D is incorrect because while it is possible to use a user-defined encryption key, it is not a feature of Amazon S3 server-side encryption.

It uses client-side encryption with AWS KMS-managed keys.
It encrypts data at rest with AES-256 encryption.
It encrypts data in transit using SSL/TLS.
It encrypts data using a user-defined encryption key.

A data scientist wants to use AWS CloudHSM to generate random numbers for cryptographic operations. Which of the following CloudHSM features should they use?

CloudHSM custom key store
CloudHSM high-availability cluster
CloudHSM Classic
CloudHSM single-tenant HSM

A data analyst wants to use AWS CloudHSM to store their encryption keys. Which of the following CloudHSM features should they use?

CloudHSM custom key store
CloudHSM high-availability cluster
CloudHSM Classic
CloudHSM single-tenant HSM

A data scientist wants to encrypt data on an EC2 instance using AWS KMS. Which of the following AWS KMS features should they use?

AWS KMS Customer Master Key
AWS KMS Envelope Encryption
AWS KMS Custom Key Store
AWS KMS Multi-Region Keys

A data analyst wants to use AWS KMS to protect their data at rest on Amazon S3. Which of the following AWS KMS features should they use?

Customer-managed CMKs
AWS-managed CMKs
AWS PrivateLink
AWS KMS Custom Key Store

A data scientist is working on a project that requires the use of client-side encryption with a high level of security. Which of the following encryption approaches will best suit their needs?

AClient-Side Encryption with AES-128
Client-Side Encryption with RSA-2048
Client-Side Encryption with AWS KMS-Managed Customer Master Key (CMK)
Client-Side Encryption with AWS CloudHSM-Managed Customer Master Key (CMK)

A data analyst is working on a project that requires the use of client-side encryption. Which of the following encryption approaches will best suit their needs?

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
Client-Side Encryption with AWS KMS-Managed Customer Master Key (CMK)
Client-Side Encryption with AWS CloudHSM-Managed Customer Master Key (CMK)

A data analyst needs to encrypt data stored in an Amazon EBS volume and is considering using server-side encryption with Amazon-managed keys (SSE-S3). Which of the following statements is true regarding SSE-S3?

SSE-S3 provides an audit trail of encryption and decryption activity.
SSE-S3 encrypts data using keys managed by AWS KMS.
SSE-S3 provides granular access controls for individual objects.
SSE-S3 provides client-side encryption for data at rest.

A data analyst needs to encrypt data stored in an Amazon S3 bucket and is considering using server-side encryption with AWS KMS-managed keys (SSE-KMS). Which of the following statements is true regarding SSE-KMS?

SSE-KMS encrypts data using keys managed by Amazon S3.
SSE-KMS provides client-side encryption for data at rest.
SSE-KMS provides granular access controls for individual objects.
SSE-KMS provides an audit trail of encryption and decryption activity.

A data analyst is working with a large dataset that contains sensitive customer data, and needs to mask some of the data fields to protect customer privacy. Which AWS service can the analyst use to meet this requirement?

Amazon QuickSight
Amazon Redshift
AWS Glue
Amazon SageMaker

A data analyst is working with sensitive customer data and needs to determine the encryption requirements for storing the data in an Amazon S3 bucket. The data should only be accessible by authorized users. Which AWS service can the analyst use to meet these requirements?

Amazon EMR
Amazon SNS
Amazon S3
AWS KMS

A data analyst needs to implement role-based access control for an Amazon Redshift cluster. Which of the following mechanisms should the analyst use to control access to the cluster?

IAM policies
Access keys
Presigned URLs
Cluster security groups

A data analytics team wants to implement role-based access control for an Amazon S3 bucket. Which of the following mechanisms should the team use to control access to the bucket?

IAM policies
Access keys
Presigned URLs
Bucket policies

A data analyst needs to control access to an Amazon RDS database instance. Which of the following mechanisms should the analyst use to control traffic to and from the instance?

AWS Firewall Manager
AWS KMS
Network ACLs
Security groups

A data analyst needs to implement access control for a new Amazon EC2 instance. Which of the following mechanisms should the analyst use to control traffic to and from the instance?

AWS WAF
AWS Shield
Security groups
Network ACLs

A data analyst needs to implement column-level permissions for a particular table in Amazon Athena. Which of the following authorization methods should the analyst use?

S3 bucket policies
AWS Key Management Service (KMS)
Identity and Access Management (IAM) policies
Encryption at rest

A data analyst needs to implement table-level permissions for a particular database in Amazon Redshift. Which of the following authorization methods should the analyst use?

IAM roles
Resource tags
Access keys
Password-based authentication

Which AWS service can be used to manage access to Amazon Redshift clusters?

Amazon Cognito
AWS Identity and Access Management (IAM)
AWS Security Token Service (STS)
AWS Key Management Service (KMS)

Which of the following statements is true about Access Control Lists (ACLs) in Amazon S3?

ACLs can only be used to control access to S3 buckets, not individual objects.
ACLs are more flexible than bucket policies and IAM policies for controlling access to S3 resources.
ACLs are only used for authentication, not authorization.
ACLs can grant or deny individual users or groups access to individual objects in an S3 bucket.

Which of the following AWS services allows you to use tags to control access to resources?

Amazon S3
Amazon EC2
AWS Identity and Access Management (IAM)
AWS Resource Access Manager (RAM)

Which of the following AWS services allows you to create policies that define who can access which resources within an AWS account?

Amazon EC2
Amazon S3
AWS IAM
mazon Redshift

Which of the following authentication methods can be used to grant temporary access to AWS resources?

AWS Identity and Access Management (IAM) roles
Security Assertion Markup Language (SAML)
OAuth
OpenID Connect (OIDC)

Which of the following authentication mechanisms can be used to provide secure access to an Amazon RDS instance?

Username and password
Multi-factor authentication (MFA)
AWS Identity and Access Management (IAM) roles
Security Assertion Markup Language (SAML)

A data analytics team is using AWS Managed Microsoft AD for authentication of their AWS resources. Which of the following is an appropriate way to implement SSO for AWS resources using AWS Managed Microsoft AD?

Use SAML-based federation with an external IdP.
Use OAuth 2.0 with an external IdP.
Use AWS SSO service with AWS Managed Microsoft AD.
Use OpenID Connect (OIDC) with an external IdP.

A data analytics team wants to implement Single Sign-On (SSO) for their AWS resources. Which of the following authentication methods is appropriate for implementing SSO?

Password authentication
IAM user authentication
Active Directory (AD) authentication
Certificate-based authentication

A data analytics team is implementing federated access for their AWS resources. They have decided to use OAuth 2.0 for this purpose. Which of the following is an appropriate authentication method for implementing federated access using OAuth 2.0?

Password authentication
MFA authentication
Identity provider (IdP) authentication
Certificate-based authentication

A data analytics team wants to enable federated access for their AWS resources. They have decided to use Security Assertion Markup Language (SAML) for this purpose. Which of the following is an appropriate authentication method for implementing federated access using SAML?

Password authentication
MFA authentication
IAM user authentication
Identity provider (IdP) authentication

Suppose a company wants to implement federated access for its AWS analytics environment. Which of the following is an appropriate authentication method for federated access?
A. AWS Identity and Access Management (IAM) user accounts
B. Web Identity Federation
C. AWS Single Sign-On (SSO)
D. Security Assertion Markup Language (SAML)

Correct Answer: C. AWS Single Sign-On (SSO)

AWS Single Sign-On (SSO) is an appropriate authentication method for federated access, as it allows users to sign in to the AWS environment using their existing credentials from their corporate directory. This enables organizations to manage user access and permissions centrally, reducing the administrative burden on IT teams.

Option A is incorrect: IAM user accounts are not an appropriate authentication method for federated access, as they require users to have an AWS account and associated credentials.
Option B is incorrect: Web Identity Federation is used to allow users to access AWS resources using credentials from third-party identity providers like Google, Facebook, or Amazon. It is not used for federated access.
Option D is incorrect: Security Assertion Markup Language (SAML) is a protocol used for exchanging authentication and authorization data between parties. While it is used in federated access scenarios, it is not an authentication method itself.

AWS Identity and Access Management (IAM) user accounts
Web Identity Federation
AWS Single Sign-On (SSO)
Security Assertion Markup Language (SAML)

A company wants to implement federated access for its AWS analytics environment, but it also wants to ensure that users are only able to access resources based on their roles and responsibilities within the organization. Which of the following mechanisms is an appropriate authorization method to meet this requirement?

AWS Identity and Access Management (IAM) policies
Resource-based policies
User-based policies
AWS Organizations service control policies (SCPs)

You are designing a data analytics solution on AWS for a company with multiple business units. The company wants to implement a single sign-on (SSO) solution for its employees to access the analytics solution. Which AWS service provides a managed SSO solution for AWS accounts and cloud applications?

AWS Cognito
AWS IAM
AWS Organizations
AWS SSO

Your company has a data analytics solution on AWS that uses multiple AWS services. You want to implement single sign-on (SSO) for your employees to access the solution. Which of the following is a common SSO standard that you can use to implement SSO for your AWS solution?

OAuth
SAML
OpenID Connect
LDAP

Which of the following is the most appropriate method to implement authentication for an Amazon S3 bucket?

Use AWS Identity and Access Management (IAM) roles
Use access keys
Use user-based authentication
Use resource-based policies

Which of the following is the most appropriate method to implement authentication for an Amazon RDS instance?

Use AWS Identity and Access Management (IAM) roles
Use access keys
Use user-based authentication
Use network access control lists (ACLs)

Which of the following is the most appropriate method to implement authorization for an Amazon S3 bucket?

Use AWS Identity and Access Management (IAM) policies
Use bucket policies
Use access control lists (ACLs)
Use resource-based policies

Which of the following is the most appropriate method to implement authorization for an Amazon EC2 instance?

Use AWS Identity and Access Management (IAM) policies
Use security groups
Use network access control lists (ACLs)
Use user-based policies

Which of the following is an appropriate method to implement Access Control Lists (ACL) in AWS?

Implementing AWS Identity and Access Management (IAM) roles
Using network security groups (NSGs) to control inbound and outbound traffic
Using AWS Key Management Service (KMS) to manage encryption keys
Implementing AWS Single Sign-On (SSO) for centralized user access management

Which of the following AWS services can be used to implement Access Control Lists (ACL) for controlling access to S3 buckets?

Amazon CloudFront
AWS Lambda
AWS Key Management Service (KMS)
Amazon S3 Bucket Policies

Which AWS service allows you to implement table/column level permissions for your data in Amazon S3?

AWS Identity and Access Management (IAM)
AWS Key Management Service (KMS)
Amazon Cognito
Amazon S3 Access Points

Which AWS service provides an SQL-based interface to grant or deny access to specific tables or columns in Amazon Aurora or Amazon Redshift?

Amazon Cognito
AWS Identity and Access Management (IAM)
AWS Secrets Manager
AWS Glue DataBrew

Which AWS service allows you to implement access control mechanisms at the network level, such as security groups, to control traffic to and from your Amazon EC2 instances?

Amazon Route 53
Amazon Virtual Private Cloud (VPC)
AWS Lambda
Amazon Elastic Container Service (ECS)

Which of the following statements accurately describes AWS security groups?

Security groups act as a firewall for your Amazon S3 buckets.
Security groups control access to your Amazon Redshift clusters.
Security groups are used to control inbound and outbound traffic to your Amazon EC2 instances.
Security groups provide authentication mechanisms for your AWS accounts.

Which AWS service allows you to implement role-based access control mechanisms to control access to your AWS resources?

AWS Identity and Access Management (IAM)
Amazon S3
Amazon Elastic Compute Cloud (EC2)
Amazon DynamoDB

Which of the following statements accurately describes role-based access control?

Role-based access control uses Access Control Lists (ACLs) to control access to resources.
Role-based access control uses IP addresses to control access to resources.
Role-based access control assigns roles to users or groups based on their job functions or responsibilities.
Role-based access control provides multi-factor authentication for AWS accounts.

Which of the following data types require encryption in transit and at rest for compliance with data protection regulations?

Non-sensitive data
Publicly available data
Personally identifiable information (PII)
Metadata

Which of the following techniques should be used to mask data in a development environment that contains personally identifiable information (PII)?

Tokenization
Obfuscation
Encryption
Redaction

Which of the following is an example of server-side encryption for data at rest in an AWS environment?

Using AWS Key Management Service (KMS) to encrypt Amazon S3 objects
Encrypting data using client-side encryption in an application before storing it in Amazon S3
Encrypting data using a third-party encryption tool before storing it in Amazon RDS
Using SSL/TLS to encrypt data in transit between an application and Amazon Redshift

Which of the following AWS services provides automatic server-side encryption for data at rest by default?

Amazon DynamoDB
Amazon ElastiCache
Amazon RDS
Amazon EC2

What is an example of a client-side encryption approach in an AWS environment?

Storing data in an Amazon S3 bucket with server-side encryption
Using Amazon RDS encryption at rest with AWS Key Management Service (KMS)
Encrypting data in an application before sending it to Amazon S3
Using Amazon Elastic Block Store (EBS) encryption at rest with AWS KMS

Which of the following AWS services supports client-side encryption by default for data stored in it?

Amazon RDS
Amazon Redshift
Amazon S3
Amazon Glacier

Security – Part A

Simulator Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question