AWS Fundamentals: Addressing Security Risk Coursera All Quiz Answers

Here you can find all quiz answers of the AWS Fundamentals: Addressing Security Risk course. Amazon Web Services (AWS) is a cloud technology developed by Amazon. It was launched in 2002 more than 20 years ago. It provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered, pay-as-you-go basis.

We would highly suggest everyone study the course material, engage with the community and participate in the discussions. This will not only help you understand the course material better but also help you retain the knowledge for a longer time.

Table of Contents

AWS Fundamentals Addressing Security Risk All Weeek Quiz Answers

AWS Fundamentals: Addressing Security Risk Week 1 Quiz Answers

Q1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?

Transport Layer Protocol or TCP
Mult-factor Authentication or MFA
Iris Scan Service or ISS
Scure Bee Service or SBS

Q2. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?

AmazonDynamoDBFullAccess
AWSLambdaInvocation-DynamoDB
AmazonDynamoDBReadOnlyAccess
AWSLambdaDynamoDBExecutionRole

Q3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

Gemalto token
Blizzard Authenticator
yubiKey
Google Authenticator
AWS IoT button

Q4. What format is an Identity and Access Management policy document in?

XML
HTML
CSV
JSON

Q5. Which are valid options for interacting with your AWS account? Select all that apply.

Command Line Interface
Software Development Kit
Application Programming Interface
AWS Console

Week 1 Quiz 2

Q1. Which solution below grants AWS Management Console access to a DevOps engineer?

Enable Single sign-on on AWS accounts by using federation and AWS IAM
Create a user for the security engineer in AWS Cognito User Pool
Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user
Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles

Q2. Which of these IAM policies cannot be updated by you?

managed policy
customer managed policy
inline policy
group policy

Q3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?

Amazon Cognito
AWS SSO
IAM
AD Connector

Q4. What is the main difference between Cognito User Pool and Cognito Identity Pool?

User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can
Identity Pools provide temporary AWS credentials
Only User Pools has feature to enable MFA
User Pools support both authenticated and unauthenticated identities

Q5. How do you audit IAM user’s access to your AWS accounts and resources?

Using CloudTrail to look at the API call and timestamp
Using CloudWatch event to notify you when an IAM user sign in
Using AWS Config to notify you when IAM resources are changed
Use Trusted Advisor to show a list of sign in events from all users

AWS Fundamentals Addressing Security Risk Week 2 Quiz Answers

Q1. Which statement is true?

You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
By default, each instance that you launch into a nondefault subnet has a public IPv4 address
To use AWS Private Link, the VPC is required to have a NAT device
Traffics within an Availability Zone, or between Availability Zones in all Regions, are routed over the AWS private global network

Q2. What is a Security Group?

Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
Control who in your organization has permission to create and manage VPC flow logs
Capture information about the IP traffic going to and from network interfaces in your VPC

Q3. How many types of VPC Endpoints are available?

Many. Each AWS Service will be supported by 1 type of VPC Endpoints
Two: Amazon S3 and DynamoDB
Two: Gateway Endpoint and Interface Endpoint
One: VPC

Q4. Which of these AWS resources cannot be monitored using VPC Flow logs?

VPC
A subnet in a VPC
A network interface attached to EC2
An Internet Gateway attached to VPC

Q5. You can route traffic to a NAT Gateway through:

Site-to-Site VPN connection
AWS Direct Connect
VPC Peering
None of the above

Week 2 Quiz 2

Q1. What AWS Services keeps a record of who is interacting with your AWS Account?1 point

Amazon ServiceLog
Amazon Auditor
AWS AccountMonitor
AWS CloudTrail

Q2. Which of the following are monitoring and logging services available on AWS? Select all that apply.

AWS CloudWatch
AWS CloudLogger
Amazon Beehive
Amazon Config

Q3. Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?

Cost Transparency
Operational Excellence
Security
Fault Tolerance

Q4. If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?

AWS GuardDuty
Amazon ThreatDetector
Amazon S3
AWS DynamoDB

Q5. Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?

AWS Assessor
Amazon Inspector
AWS EC2Deploy
Amazon Agent

AWS Fundamentals Addressing Security Risk Week 3 Quiz Answers

Q1. What requirement must you adhere to in order to deploy an AWS CloudHSM?

Run the HSM in two regions
Provision the HSM in a VPC
Deploy an EBS volume for the HSM
Call AWS Support first to enable it

Q2. What AWS KMS keys are used to encrypt and decrypt data in AWS?

Customer master keys
AWS master keys
Seller recrypt keys
User recrypt keys

Q3. How much data can you encrypt/decrypt using a Customer Master Key?

Up to 4MB
Up to 4TB
Up to 1MB
Up to 4KB

Week 3 Quiz 2

Q1. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):

unauthenticated server and client communication
eavesdropping
unauthorized alterations
unauthorized copying

Q2. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?

HTTPS
TLS
X.509
IPSec

Q3. How do you encrypt an existing unencrypted EBS volume?

EBS volumes are encrypted at rest by default
Enable Encryption by Default feature
Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
Enable encryption for EC2 instance, which will encrypt the attached EBS volumes

Q4. Can you encrypt just a subset of items in a DynamoDB table?

Yes
No

Q5. When you enable encryption for the RDS DB instance, what would not be encrypted?

JBDC connection
Transaction logs
Automated backups
Read Replicas
Snapshots

AWS Fundamentals: Addressing Security Risk Week 4 Quiz Answers

Q1. Which of the following are valid Pillars of the Well-Architected Framework? Choose two.

Security
Iinfrastructure
Cost Optimization
Redundancy
Speed

Q2. What language does Amazon Athena support?

SQL
Java
C++
dogescript

Q3. What is the name of the model that shows how security is handled by AWS and its customers in the AWS Cloud?

Cloud Security Model
Role Based Model
Shared Responsibility Model
AWS Authentication Model

Q4. What AWS service is best suited for storing objects?

Amazon Simple Storage Service
Amazon Elastic Beanstalk
Amazon DynamoDB
Amazon Object Store

Q5. What AWS service can be used to manage multiple AWS accounts for consolidated billing?

AWS Multiple-man
AWS Account Manager
AWS Billing
AWS Organizations

Q6. What type of database is Amazon DynamoDB?

Relational
NoSQL
OnlySQL
Dynamic

Q7. What is a customer access endpoint?

A customer token
A signed code segment
A URL entry point for a web service
A websocket for customer connections

AWS Fundamentals: Addressing Security Risk End of Course Assessment Answers

Questions of the End of Course Assessment of this course are randomly picked from quizzes. So check the above Quizzes for End, of Course, Assessment Quiz Answers.