Jason
/
safaribook-aws-certified-cloud-practitioner-exam-guide
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Page: chap4_qa
Pages
Home chap1 chap1_qa chap2 chap2_qa chap3 chap3_qa chap4 chap4_qa chap5 chap5_qa chap6 chap6_qa chap7 chap7_qa exam1_ans exam1_ques
2 chap4_qa
Jason Zhu edited this page 2022-10-06 23:52:37 +11:00
Table of Contents

Questions

Q1

You wish to deploy a dev and test environment on AWS. You want to ensure that your developers can access your AWS account using a highly secure authentication process and follow best practices. Which of the following two configuration options will help ensure enhanced security? (Choose two answers)

  1. Configure your IAM accounts with MFA.
  2. Configure your IAM password policy with complexity rules.
  3. Ensure you encrypt your EBS volumes.
  4. Create RDS databases with Multi-AZ.
  5. Provide the root account credential details to your developers.

ANS: 1 & 2 (Correct)

Q2

Your developer is working from home this weekend and needs to access your AWS account using the CLI to configure your RDS database from their local computer. Which type of IAM credentials would they need to configure the AWS CLI tool on their machine?

  1. IAM username and password
  2. Access key IDs and secret access keys
  3. Access keys and secret ID
  4. HTTPS

ANS: 2 (Correct)

Q3

Which AWS service enables you to troubleshoot your IAM policies and identify the sets of permissions that may be denying access to a given AWS service?

  1. IAM policy simulator
  2. CloudWatch
  3. CloudTrail
  4. IAM policy manager

ANS: 1 (Correct)

Q4

Which of the following AWS services is a better option to securely grant your application running on an EC2 instance access to a backend database running on Amazon RDS?

  1. Access keys
  2. IAM role
  3. IAM group
  4. Security group

ANS: 2 (Correct)

Q5

Which format are IAM policy documents written in?

  1. JSON
  2. YAML
  3. XML
  4. JAVA

ANS: 1 (Correct)

Q6

What best practice strategy should you follow when assigning permissions to IAM users and groups?

  1. Follow the principle of least privilege.
  2. Follow the principle of most privilege.
  3. Follow the ITIL principles.
  4. Follow the GDPR principle.

ANS: 1 (Correct)

Q7

Which IAM service enables you to effectively manage users by creating a collection of them based on their job function and assigning them permissions according to their roles to the entire collective?

  1. IAM groups
  2. IAM policies
  3. IAM collection
  4. IAM roles

ANS: 1 (Correct)

Q8

Which feature of IAM enables you to use your existing corporate Active Directory user credentials to log in to the AWS Management Console and therefore offer an SSO service?

  1. Identity federation
  2. IAM user database
  3. Active Directory users and computers
  4. MFA

ANS: 1 (Correct)

Q9

Which AWS service enables you to generate and download a report that lists your IAM users and the state of their various credentials, including passwords, access keys, and MFA devices?

  1. AWS policies
  2. AWS Explorer
  3. Credentials report
  4. User report

ANS: 3 (Correct)

Q10

Which AWS service is responsible for assigning and managing temporary credentials to entities that assume an IAM role?

  1. AWS Password Manager
  2. AWS Security Token Service
  3. AWS Credentials Manager
  4. AWS Credentials Report

ANS: 2 (Correct)