Question 1: Which statement is true?
You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in a VPC
By default, each instance that you launch into a nondefault subnet has a public IPv4 address
To use AWS PrivateLink, the VPC is required to have a NAT device
Traffic within an Availability Zone, or between Availability Zones in all Regions, is routed over the AWS private global network
Answer: Traffic within an Availability Zone, or between Availability Zones in all Regions, is routed over the AWS private global network
Question 2: What is a Security Group?
Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
Control who in your organization has permission to create and manage VPC flow logs
Capture information about the IP traffic going to and from network interfaces in your VPC
Answer: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
Question 3: How many types of VPC Endpoints are available?
Many. Each AWS service is supported by one type of VPC Endpoint
Two: Amazon S3 and DynamoDB
Two: Gateway Endpoint and Interface Endpoint
One: VPC
Answer: Two: Gateway Endpoint and Interface Endpoint
Question 4: Which of these AWS resources cannot be monitored using VPC Flow logs?
VPC
A subnet in a VPC
A network interface attached to EC2
An Internet Gateway attached to VPC
Answer: An Internet Gateway attached to VPC
Question 5: You can route traffic to a NAT Gateway through:
Site-to-Site VPN connection
AWS Direct Connect
VPC Peering
None of the above
Answer: None of the above
Question 6: What AWS service keeps a record of who is interacting with your AWS Account?
Amazon ServiceLog
Amazon Auditor
AWS AccountMonitor
AWS CloudTrail
Answer: AWS CloudTrail
Question 7: Which of the following are monitoring and logging services available on AWS? Select all that apply.
AWS CloudWatch
AWS CloudLogger
Amazon Beehive
Amazon Config
Answer: AWS CloudWatch, Amazon Config
Question 8: Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?
Cost Transparency
Operational Excellence
Security
Fault Tolerance
Answer: Fault Tolerance
Question 9: If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?
AWS GuardDuty
Amazon ThreatDetector
Amazon S3
AWS DynamoDB
Answer: AWS GuardDuty
Question 10: Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?
AWS Assessor
Amazon Inspector
AWS EC2Deploy
Amazon Agent
Answer: Amazon Inspector