Quiz: Security & Compliance

Question

Time left

2mn 15s per Q

Score

0

What is the answer to this questions?


A

Choice 1

B

Choice 2

C

Choice 3

D

Choice 4

1 / 12
AWS Security Services

Security

This domain makes up 26% of the exam and includes the following 4 objectives:
1. Make authenticated calls to AWS services.
2. Implement encryption using AWS services.
3. Implement application authentication and authorization.
4. S3 encryption, Cognito, Security best practices, KMS, IAM, Secure authentication

1

Distributed Session Management
When dealing with session state in EC2-based applications using Elastic load balancers, distributed Session Management is generally thought of as the best practice for managing user sessions :
Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information

2

Security Token, Access Key ID, Secret Access Key
When requested through an STS API call, credentials are returned with Security Token, Access Key ID, Secret Access Key

3

AWS Secrets Manager
AWS Secrets Manager helps to protect the credentials needed to access databases, applications, services, and other IT resources. The service enables users to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to the Secrets Manager APIs, eliminating the need to hard code sensitive information in plaintext. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB.

4

Resource Policy
A resource policy can be used to grant API access to one AWS account to users in a different AWS account using Signature Version 4 (SigV4) protocols.

5

AWS Lambda function's execution role
An AWS Lambda function's execution role grants it permission to access AWS services and resources. Users provide this role when a function is created, and Lambda assumes the role when a function is invoked.

6

Snapshots
If a user copies an encrypted snapshot, the copy of the snapshot must also be encrypted. If a user copies an encrypted snapshot across Regions, users cannot use the same AWS KMS encryption key for the copy as used for the source snapshot, because KMS keys are Region-specific. Instead, users must specify a KMS key that is valid in the destination Region.

7

Lazy loading
Lazy loading is a concept where the loading of a record is delayed until it is needed. Lazy loading first checks the cache. If a record is not present, lazy loading retrieves the record from the database, and then stores the record in the cache.

8

EC2 instance key rotation
If an EC2 instance uses an instance role, key rotation is automatic and handled by IAM/STS.

9

VPC endpoints for Amazon S3
VPC endpoints for Amazon S3 provide secure connections to S3 buckets that do not require a gateway or NAT instances. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. There is no way to connect to Amazon S3 via VPN.

10

Retrieve User Data from running EC2
To retrieve user data from within a running instance, use the following URI:http://169.254.169.254/latest/user-data

11

What are Micro services, and how they control proficient DevOps rehearses?
Where In conventional engineering , each application is stone monument application implies that anything is created by a gathering of designers, where it has been sent as a solitary application in numerous machines and presented to external world utilizing load balances, where the micro services implies separating your application into little pieces, where each piece serves the distinctive capacities expected to finish a solitary exchange and by separating , designers can likewise be shaped to gatherings and each bit of utilization may pursue diverse rules for proficient advancement stage, as a result of spry improvement ought to be staged up a bit and each administration utilizes REST API (or) Message lines to convey between another administration. So manufacture and arrival of a non-strong form may not influence entire design, rather, some usefulness is lost, that gives the confirmation to productive and quicker CI/CD pipelines and DevOps Practices.

12

What is difference between docker image and docker container?
Docker image is a readonly template that contains the instructions for a container to start. Docker container is a runnable instance of a docker image

13

What is Application Containerization?
It is a process of OS Level virtualization technique used to deploy the application without launching the entire VM for each application where multiple isolated applications or services can access the same Host and run on the same OS.

14

What is Configuration Management?
Configuration Management is the System engineering process. Configuration Management applied over the life cycle of a system provides visibility and control of its performance, functional, and physical attributesrecording their status and in support of Change Management.
List the Software Configuration Management Features.
- Enforcement

- Cooperating Enablement

- Version Control Friendly

- Enable Change Control Processes

15

What Are the Benefits Of Nosql?
- Non-relationals and schema-less data models - Low latency and high performance - Highly scalable

AWS Training Videos