AWS Practitioner Chapter 05
Questions from the book AWS Certified Cloud Practitioner Study Guide by Ben Piper and David Clinton.
1.- What is the primary function of the AWS IAM service?
1. Identity and access management
2. Access key management
3. SSH key pair management
4. Federated access management
2.- Which of the following are requirements you can include in an IAM password policy? (Select THREE.)
1. Require at least one uppercase letter.
2. Require at least one number.
3. Require at least one space or null character.
4. Require at least one nonalphanumeric character.
3.- Which of the following should you do to secure your AWS root user? (Select TWO.)
1. Assign the root user to the “admins” IAM group.
2. Use the root user for day-to-day administration tasks.
3. Enable MFA
4. Create a strong password.
4.- How does multi-factor authentication work?
1. Instead of an access password, users authenticate via a physical MFA device.
2. In addition to an access password, users also authenticate via a physical MFA device.
3. Users authenticate using tokens sent to at least two MFA devices.
4. Users authenticate using a password and also either a physical or virtual MFA device.
5.- Which of the following SSH commands will successfully connect to an EC2 Amazon Linux instance with an IP address of 54.7.35.103 using a key named mykey.pem?
1. echo "mykey.pem ubuntu@54.7.35.103" | ssh -i
2. ssh -i mykey.pem ec2-user@54.7.35.103
3. ssh -i mykey.pem@54.7.35.103
4. ssh ec2-user@mykey.pem:54.7.35.103 -i
6.- What’s the most efficient method for managing permissions for multiple IAM users?
1. Assign users requiring similar permissions to IAM roles.
2. Assign users requiring similar permissions to IAM groups.
3. Assign IAM users permissions common to others with similar administration responsibilities.
4. Create roles based on IAM policies, and assign them to IAM users.
7.- What is an IAM role?
1. A set of permissions allowing access to specified AWS resources
2. A set of IAM users given permission to access specified AWS resources
3. Permissions granted a trusted entity over specified AWS resources
4. Permissions granted an IAM user over specified AWS resources
8.- How can federated identities be incorporated into AWS workflows? (Select TWO.)
1. You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app.
2. You can use identities to guide your infrastructure design decisions.
3. You can use authenticated identities to import external data (like email records from Gmail) into AWS databases.
4. You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.
9.- Which of the following are valid third-party federated identity standards? (Select TWO.)
1. Secure Shell
2. SSO
3. SAML 2.0
4. Active Directory
10.- What information does the IAM credential report provide?
1. A record of API requests against your account resources
2. A record of failed password account login attempts
3. The current state of your account security settings
4. The current state of security of your IAM users’ access credentials
11.- What text format does the credential report use?
1. JSON
2. CSV
3. ASCII
4. XML
12.- Which of the following IAM policies is the best choice for the admin user you create in order to replace the root user for day-to-day administration tasks?
1. AdministratorAccess
2. AmazonS3FullAccess
3. AmazonEC2FullAccess
4. AdminAccess
13.- What will you need to provide for a new IAM user you’re creating who will use “programmatic access” to AWS resources?
1. A password
2. A password and MFA
3. An access key ID
4. An access key ID and secret access key
14.- What will IAM users with AWS Management Console access need to successfully log in?
1. Their username, account_number, and a password
2. Their username and password
3. Their account number and secret access key
4. Their username, password, and secret access key
15.- Which of the following will encrypt your data while in transit between your office and Amazon S3?
1. DynamoDB
2. SSE-S3
3. A client-side master key
4. SSE-KMS
16.- Which of the following AWS resources cannot be encrypted using KMS?
1. Existing AWS Elastic Block Store volumes
2. RDS databases
3. S3 buckets
4. DynamoDB databases
17.- What does KMS use to encrypt objects stored on your AWS account?
1. SSH master key
2. KMS master key
3. Client-side master key
4. Customer master key
18.- Which of the following standards governs AWS-based applications processing credit card transactions?
1. SSE-KMS
2. FedRAMP
3. PCI DSS
4. ARPA
19.- What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?
1. They can be used to help you design secure and reliable credit card transaction applications.
2. They attest to AWS infrastructure compliance with data accountability standards like Sarbanes–Oxley.
3. They guarantee that all AWS-based applications are, by default, compliant with Sarbanes–Oxley standards.
4. They’re an official, ongoing risk-assessment profiler for AWS-based deployments.
20.- What role can the documents provided by AWS Artifact play in your application planning? (Select TWO.)
1. They can help you confirm that your deployment infrastructure is compliant with regulatory standards.
2. They can provide insight into various regulatory and industry standards that represent best practices.
3. They can provide insight into the networking and storage design patterns your AWS applications use.
4. They represent AWS infrastructure design policy.