Question 1: Which solution below grants AWS Management Console access to a DevOps engineer?
A. Enable Single sign-on on AWS accounts by using federation and AWS IAM
B. Create a user for the security engineer in AWS Cognito User Pool
C. Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user
D. Use AWS Organizations to scope down IAM roles and grant the security engineer access to these IAM roles
Answer: 3. Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user
Question 2: Which of these IAM policies cannot be updated by you?
A. Managed policy
B. Customer managed policy
C. Inline policy
D. Group policy
Answer: Inline policy
Question 3: Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?
A. Amazon Cognito
B. AWS SSO
C. IAM
D. AD Connector
Answer: AD Connector
Question 4: What is the main difference between Cognito User Pool and Cognito Identity Pool?
A. User Pool cannot use public identity providers (e.g., Facebook, Amazon, ...) while Identity Pool can
B. Identity Pools provide temporary AWS credentials
C. Only User Pools have the feature to enable MFA
D. User Pools support both authenticated and unauthenticated identities
Answer: User Pools support both authenticated and unauthenticated identities
Question 5: How do you audit an IAM user’s access to your AWS accounts and resources?
A. Using CloudTrail to look at the API calls and timestamps
B. Using CloudWatch events to notify you when an IAM user signs in
C. Using AWS Config to notify you when IAM resources are changed
D. Use Trusted Advisor to show a list of sign-in events from all users
Answer: Using CloudTrail to look at the API calls and timestamps
Question 6: What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?
A. Transport Layer Protocol or TCP
B. Multifactor Authentication or MFA
C. Iris Scan Service or ISS
D. Secure Bee Service or SBS
Answer: Multifactor Authentication or MFA
Question 7: If a user wanted to read from a DynamoDB table, what policy would you attach to their user profile?
A. AmazonDynamoDBFullAccess
B. AWSLambdaInvocation-DynamoDB
C. AmazonDynamoDBReadOnlyAccess
D. AWSLambdaDynamoDBExecutionRole
Answer: AmazonDynamoDBReadOnlyAccess
Question 8: What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.
A. Gemalto token
B. Blizzard Authenticator
C. YubiKey
D. Google Authenticator
E. AWS IoT button
Answer: Gemalto token, YubiKey, Google Authenticator
Question 9: What format is an Identity and Access Management policy document in?
A. XML
B. HTML
C. CSV
D. JSON
Answer: JSON
Question 10: Which are valid options for interacting with your AWS account? Select all that apply.
A. Command Line Interface
B. Software Development Kit
D. Application Programming Interface
E. AWS Console
Answer: Command Line Interface, Software Development Kit, Application Programming Interface, AWS Console