Unit 1 - Practice Quiz

INT364 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which component of the AWS Global Infrastructure consists of one or more discrete data centers with redundant power, networking, and connectivity?

A. Edge Location
B. Availability Zone
C. AWS Region
D. Local Zone

2 Which factor should primarily be considered when choosing an AWS Region to reduce latency for end-users?

A. Number of Availability Zones
B. Compliance requirements
C. Cost of services
D. Proximity to the end-users

3 What is the primary function of AWS Edge Locations?

A. To host EC2 instances
B. To manage IAM policies
C. To store cold data archives
D. To provide low-latency content delivery via CloudFront

4 Which pillar of the AWS Well-Architected Framework focuses on the ability to run and monitor systems to deliver business value and to continually improve processes and procedures?

A. Performance Efficiency
B. Security
C. Reliability
D. Operational Excellence

5 Which design principle is recommended by the AWS Well-Architected Framework regarding capacity planning?

A. Always over-provision to ensure performance
B. Guess capacity needs based on averages
C. Manually adjust capacity once a month
D. Stop guessing capacity needs

6 In the Shared Responsibility Model, which of the following is the customer's responsibility?

A. decommissioning storage devices
B. Patching the underlying host infrastructure
C. Physical security of data centers
D. Client-side data encryption

7 What is the primary purpose of AWS Identity and Access Management (IAM)?

A. To manage DNS records
B. To deploy applications
C. To securely control access to AWS services and resources
D. To monitor network traffic

8 Which IAM entity represents a person or service that interacts with AWS?

A. IAM Group
B. IAM User
C. IAM Role
D. IAM Policy

9 What is the recommended best practice for the AWS account root user?

A. Enable Multi-Factor Authentication (MFA) and lock away credentials
B. Share the password with the development team
C. Use it for daily administrative tasks
D. Create access keys for the root user for API access

10 Which IAM feature allows you to associate permissions with a collection of users?

A. IAM Role
B. IAM Group
C. IAM Policy
D. Access Key

11 What format are IAM policies written in?

A. YAML
B. HTML
C. XML
D. JSON

12 Which principle suggests granting only the permissions required to perform a task?

A. Principle of Maximum Authority
B. Principle of Shared Responsibility
C. Principle of Root Access
D. Principle of Least Privilege

13 An IAM Role is best described as:

A. A permanent identity with long-term credentials
B. A group of users with shared permissions
C. A document defining password policies
D. An identity with permission policies that can be assumed by a user or service

14 What is the default effect of an IAM policy if no Allow or Deny is explicitly stated?

A. Conditional Allow
B. Explicit Deny
C. Implicit Deny
D. Implicit Allow

15 Which AWS service enables you to manage access across multiple AWS accounts centrally?

A. Amazon CloudWatch
B. AWS Config
C. Amazon Inspector
D. AWS Organizations

16 What mechanism allows users from an external identity provider (IdP) like Active Directory to access AWS resources without creating IAM users?

A. IAM Groups
B. Access Keys
C. Identity Federation
D. MFA

17 Which industry standard is commonly used for federating users into AWS?

A. SAML 2.0
B. FTP
C. HTTP
D. HTML5

18 To allow an application running on an EC2 instance to access an S3 bucket securely, what should you configure?

A. Make the S3 bucket public
B. Attach an IAM Role to the EC2 instance
C. Create a new IAM User for the instance
D. Embed Access Keys in the application code

19 Which API call is used to obtain temporary security credentials when assuming a role?

A. sts:GetSessionToken
B. iam:CreateUser
C. iam:GetRole
D. sts:AssumeRole

20 What is the primary service used for creating and managing cryptographic keys in AWS?

A. AWS Key Management Service (KMS)
B. AWS Shield
C. Amazon Macie
D. AWS Secrets Manager

21 Which type of encryption protects data while it is stored on a disk?

A. Encryption at Rest
B. SSL/TLS
C. Encryption in Transit
D. End-to-End Encryption

22 What does Server-Side Encryption (SSE) on Amazon S3 imply?

A. The data is encrypted during transfer over the internet only
B. AWS stores the encryption keys on the user's computer
C. AWS encrypts the data after it is received and before saving it to disk
D. The user encrypts data before uploading

23 Which AWS service protects against Distributed Denial of Service (DDoS) attacks?

A. AWS Artifact
B. AWS WAF
C. Amazon Inspector
D. AWS Shield

24 Which service helps protect your web applications from common web exploits like SQL injection and cross-site scripting?

A. AWS Shield
B. AWS WAF
C. AWS Firewall Manager
D. Amazon GuardDuty

25 Amazon GuardDuty is best described as:

A. An automated vulnerability assessment service
B. A firewall for EC2 instances
C. An intelligent threat detection service
D. A compliance reporting tool

26 Which service automatically discovers, classifies, and protects sensitive data (like PII) in AWS?

A. AWS Config
B. Amazon Inspector
C. Amazon Macie
D. AWS Secrets Manager

27 Which service is used to assess applications for exposure, vulnerabilities, and deviations from best practices?

A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Shield
D. AWS WAF

28 What does the 'Sustainability' pillar of the Well-Architected Framework focus on?

A. Ensuring high availability
B. Reducing cost
C. Minimizing the environmental impacts of running cloud workloads
D. Managing access controls

29 Which AWS service records API calls for your account and delivers log files to you?

A. AWS X-Ray
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS Config

30 In IAM, what is the 'PowerUserAccess' managed policy?

A. Full access to all services including IAM
B. Full access to all services excluding IAM management
C. Read-only access to all services
D. Access to billing information only

31 What feature allows you to grant cross-account access to S3 resources explicitly within the S3 service?

A. Security Groups
B. NACLs
C. Bucket Policies
D. Service Control Policies

32 Which cryptographic method uses a public key for encryption and a private key for decryption?

A. Hashing
B. Symmetric encryption
C. Asymmetric encryption
D. Obfuscation

33 What is 'Envelope Encryption'?

A. Encrypting the email used to send keys
B. Wrapping a physical hard drive in a secure envelope
C. Encrypting plaintext data with a data key, then encrypting the data key with a master key
D. Encrypting data only at the network edge

34 Which AWS feature can be used to ensure that EBS volumes created by users are always encrypted?

A. EBS Snapshots
B. VPC Flow Logs
C. AWS Config Rules
D. IAM Roles

35 When designing for failure in the Cloud, what is a key concept?

A. Vertical scaling only
B. Decoupling components
C. Tightly coupled components
D. Single point of failure

36 What is the purpose of Service Control Policies (SCPs) in AWS Organizations?

A. To manage encryption keys
B. To grant permissions to IAM users
C. To configure firewall rules
D. To define the maximum available permissions for member accounts

37 Which credential is required for programmatic access to AWS via the CLI?

A. Access Key ID and Secret Access Key
B. MFA Token only
C. User Name and Password
D. SSH Key Pair

38 What is the function of AWS Secrets Manager?

A. To rotate, manage, and retrieve database credentials and API keys
B. To encrypt EBS volumes
C. To firewall web applications
D. To store IAM user passwords

39 Which pillar of the Well-Architected Framework focuses on the ability to prevent financial loss?

A. Reliability
B. Cost Optimization
C. Performance Efficiency
D. Security

40 Which security service provides on-demand access to AWS compliance reports (e.g., SOC, PCI)?

A. Amazon Inspector
B. AWS Config
C. AWS Artifact
D. AWS Shield

41 In IAM, what is the 'Principal' in a policy statement?

A. The entity (user/role) allowed or denied access
B. The resource being accessed
C. The condition under which access is granted
D. The action being performed

42 What is the difference between a Security Group and a Network ACL (NACL)?

A. Security Groups are stateful; NACLs are stateless
B. Security Groups act at the subnet level; NACLs act at the instance level
C. There is no difference
D. Security Groups are stateless; NACLs are stateful

43 Which AWS service allows you to manage encryption keys in a dedicated, single-tenant hardware security module (HSM)?

A. Amazon S3
B. AWS CloudHSM
C. AWS Secrets Manager
D. AWS KMS

44 How often should IAM Access Keys be rotated according to best practices?

A. Regularly
B. Only when a breach occurs
C. Never
D. Once every 10 years

45 Which IAM tool helps you identify unused credentials and excessive permissions?

A. AWS Cost Explorer
B. AWS CloudFormation
C. IAM Credential Report / Access Analyzer
D. Route 53

46 If an explicit Deny and an explicit Allow exist for the same request, which one takes precedence?

A. Explicit Allow
B. The policy with the most permissions
C. The most recent policy
D. Explicit Deny

47 Which is a valid use case for Web Identity Federation?

A. Connecting an on-premise data center to VPC
B. Authenticating users via Google or Facebook to access AWS resources
C. Managing EC2 instances
D. Encrypting S3 buckets

48 What is the 'Condition' element in an IAM JSON policy used for?

A. To list the allowed actions
B. To specify the resource ARN
C. To define who can access the resource
D. To specify circumstances under which the policy grants permission

49 Which service acts as a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?

A. Amazon Macie
B. Amazon GuardDuty
C. AWS Shield
D. AWS WAF

50 What type of scaling is described as adding more power (CPU, RAM) to an existing machine?

A. Diagonal Scaling
B. Horizontal Scaling
C. Vertical Scaling
D. Auto Scaling