Pablo Rodriguez

Knowledge Check

Which statement reflects a design principle of the security pillar of the Well-Architected Framework?

  • Apply security at all layers of an architecture. ✓
  • Ensure that staff are actively monitoring potential risks manually.
  • Do not deploy a solution to production until you’re certain that no security risks exist.
  • Decentralize privilege management.

Which statements about responsibility are accurate based on the AWS shared responsibility model? (Select TWO.)

  • AWS is responsible for the configuration of security groups.
  • AWS is responsible for host-based firewall configurations.
  • Customers are responsible for the installation, maintenance, and decommissioning of the hardware that they use in the AWS data center.
  • AWS is responsible for the physical security of data centers. ✓
  • Customers are responsible for managing their user data. ✓

Which options are characteristics of the principle of least privilege? (Select TWO.)

  • Grant access only as needed. ✓
  • Craft security policies that limit access to specific tasks. ✓
  • Monitor actions and changes.
  • Always use groups.
  • Use encryption.

Which statement about AWS Identity and Access Management (IAM) is true?

  • With IAM, you can manage encryption for items that require encryption at rest.
  • With IAM, you can grant principals granular access to resources. ✓
  • IAM provides an audit trail of who performed an action, what action they performed, and when they performed it.
  • IAM provides an extra layer of security by offering anomaly detection on resources.

Which statements describe AWS Identity and Access Management (IAM) roles? (Select TWO.)

  • They are uniquely associated with an individual.
  • They provide permanent security credentials.
  • Individuals, applications, and services can assume roles. ✓
  • They can only be used by accounts that are associated with the person who creates the role.
  • They provide temporary security credentials. ✓

Which statement reflects a best practice for the root user on an AWS account?

  • Create an admin user and perform most admin tasks with this user instead of the root user. ✓
  • Create two root users with separate credentials and distribute them to two different individuals.
  • Remove unneeded permissions from the root user account.
  • To avoid getting locked out of the account, do not enable multi-factor authentication (MFA) on the root account.

How does AWS Identity and Access Management (IAM) evaluate a policy?

  • It checks for explicit allow statements before it checks for explicit deny statements.
  • An explicit deny statement does not override an explicit allow statement.
  • It checks for explicit deny statements before it checks for explicit allow statements. ✓
  • If the policy doesn’t have any explicit deny statements or explicit allow statements, users have access by default.

Which statement about AWS Identity and Access Management (IAM) policies is accurate?

  • Resource-based policies are attached to a user, group, or role.
  • Resource-based policies allow access by default.
  • Identity-based policies can only be attached to a single entity.
  • Identity-based policies are attached to a user, group, or role. ✓

Which AWS Identity and Access Management (IAM) policy element includes information about whether to allow or deny a request?

  • Effect ✓
  • Principal
  • Condition
  • Action

Which option accurately describes the statement element in an AWS Identity and Access Management (IAM) policy?

  • The statement element contains other elements that together define what is allowed or denied. ✓
  • A policy can only have one statement element.
  • The statement element is an optional part of an IAM policy.
  • The statement element does not apply to identity-based policies.