Time limit: 0
Quiz Summary
0 of 20 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Quiz complete. Results are being recorded.
Results
0 of 20 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Unfortunately, you didn’t pass the quiz, but hey, you have unlimited access.😎
Practice makes you perfect! 👊 -
Congratulations! 🥳
You have passed the quiz successfully! You are one step closer to pass the real exam!
We hope to see you again on another certification path.✌️
Good luck with the exam! Stay strong.👊
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 20
1. Question
You are building an application that will be hosted in ECS which needs to be configured to run its tasks and services using the Fargate launch type. The application will have four different tasks where each task will access various AWS resources that are different from the other tasks.
Which of the following solutions can provide your application in ECS access to the required AWS resources?
CorrectIncorrect -
Question 2 of 20
2. Question
By default, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it when someone accesses it as long as the request is authenticated. Now, you need to add an extra layer of audit trail that shows when your Customer Master Keys (CMK) was used and by whom.
Which option will you choose to manage the encryption keys?
CorrectIncorrect -
Question 3 of 20
3. Question
For compliance purposes, you need to assess how well your resource configurations comply with internal practices, industry guidelines, and regulations.
Which of the following tools will you use to meet the requirement?
CorrectIncorrect -
Question 4 of 20
4. Question
Your company is using AWS Organizations to manage its multiple AWS accounts which are being used by its IT, accounting, and HR departments. To avoid security issues, it is of utmost importance to test the impact of service control policies (SCPs) on your IAM policies and resource policies before applying them.
Which of the following AWS services can you use to test and troubleshoot IAM and resource-based policies?
CorrectIncorrect -
Question 5 of 20
5. Question
Imagine that your organization has multiple AWS accounts to isolate a development environment from a production environment. Users in the development account might occasionally need to access resources in the production account.
What is the most efficient way to promote an update from the development environment to the production environment?
CorrectIncorrect -
Question 6 of 20
6. Question
In which of the following scenarios you DON’T need to contact your administrator to help you diagnose and fix common issues that you might encounter when working with Systems Manager and IAM?
CorrectIncorrect -
Question 7 of 20
7. Question
Which of the following lifecycle event hooks runs last in an Amazon ECS deployment?
CorrectIncorrect -
Question 8 of 20
8. Question
You are preparing the CodeDeploy application specification (AppSpec) that uses AWS Lambda compute platform. In the deployment, you need to configure CodeDeploy to run a task after the traffic is shifted to the deployed Lambda function version.
Which deployment lifecycle will you configure in this scenario?
CorrectIncorrect -
Question 9 of 20
9. Question
Your organization already uses an identity provider software package such as Microsoft Active Directory that supports SAML 2.0 (Security Assertion Markup Language 2.0).
Which of the following solution will you implement if the users that have identities in Microsoft Active Directory need to work with AWS resources?
CorrectIncorrect -
Question 10 of 20
10. Question
You are working on a project that uses Microsft SQL Server 2019 Standard Edition for a database. To add an extra layer of security you need to configure the DB to encrypts data before it is written to storage, and automatically decrypts data when the data is read from storage.
Which of the following actions will you follow to achieve this?
CorrectIncorrect -
Question 11 of 20
11. Question
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
Which of the following Parameter Store features can benefit your organization? (Choose all that apply.)
CorrectIncorrect -
Question 12 of 20
12. Question
You are using a Lambda authorizer (formerly known as a custom authorizer) to control access to your API. You need to implement a custom authorization scheme that uses a bearer token authentication strategy such as OAuth to determine the caller’s identity.
Which of the following methods should you implement to meet the requirement?
CorrectIncorrect -
Question 13 of 20
13. Question
You are using the AWS Key Management Service (KMS) to create and manage encryption keys across a wide range of AWS services, and also to add an extra layer of security in your application.
Which of the following types of Customer master keys (CMKs) would you choose to have full control over these CMKs, including establishing and maintaining their key policies?
CorrectIncorrect -
Question 14 of 20
14. Question
One of the most important things you can do as a customer to ensure the security of your resources is to maintain careful control over who has access to them. This is especially true if any of your AWS users have programmatic access. Programmatic access allows you to invoke actions on your AWS resources either through an application that you write or through a third-party tool.
Which of the following actions are considered best practices to help you protect your account and prevent accidental or malicious account activity? (Choose all that apply.)
CorrectIncorrect -
Question 15 of 20
15. Question
Which of the following is the practice of encrypting plaintext data with a data key, and then encrypting the data key under another key?
CorrectIncorrect -
Question 16 of 20
16. Question
You are building the cloud architecture of an application that will be hosted in an EC2 instance. The application will process the data and it will upload the results to an S3 bucket.
Which of the following is the best approach to implement this architecture?
CorrectIncorrect -
Question 17 of 20
17. Question
You want to add multi-factor authentication (MFA) to increase the security of your app by adding another authentication method, and not relying solely on user name and password.
Which of the following step is a prerequisite before starting the configuration?
CorrectIncorrect -
Question 18 of 20
18. Question
Many companies that distribute content over the internet want to restrict access to documents, business data, media streams, or content that is intended for selected users, such as users who have paid a fee.
What they can do to securely serve this private content over the internet?
CorrectIncorrect -
Question 19 of 20
19. Question
Which of the following AWS Services enables you to replace hardcoded credentials in your code with an API to ensure that the secret can’t be compromised by someone examining your code?
CorrectIncorrect -
Question 20 of 20
20. Question
You are developing an application that uses Amazon S3. During development, you use your testing-only AWS account to create a bucket named my-data-test, and configures your application to make requests to my-data-test. You are deploying your application, but you forgot to reconfigure the application to use a bucket in your production AWS account. In production, your application makes requests to my-data-test, which succeeds. This results in production data being written to the bucket in your test account.
Which of the following features should you use in order to prevent this scenario from happening again?
CorrectIncorrect