AWS Associate & Security L-4
Alice's Secure AWS Adventure
Alice is a cloud engineer setting up a secure application on AWS.
First, she creates IAM (1) users and roles (7) to ensure only authorized people and services can access her resources. She uses policies (6) to define exactly what each role can and cannot do — a fine-grained control.
To monitor what’s happening in her AWS account, she enables CloudTrail (3), so every API call is logged. But that’s not enough — she wants real-time security alerts, so she turns on GuardDuty (2), which watches for suspicious activity, like unusual API usage or access from unknown IPs.
Next, she sets up her web app behind a Shield (4) service to protect it from DDoS attacks. On top of that, she configures Security Groups (10) — the virtual firewalls — to allow only necessary traffic into her EC2 instances.
Since her app stores personal user data in S3, Alice uses Macie (5) to automatically scan for PII (like emails or credit card numbers). She also enables KMS (8) to encrypt all sensitive data with managed keys.
When the app needs credentials to connect to a third-party API, Alice stores them securely in Secrets Manager (9), ensuring secrets are rotated automatically and not hardcoded in the app.
With everything in place, Alice feels confident her cloud setup is secure, compliant, and resilient against threats.
Question 1.
Which AWS service is ideal for serverless event-driven functions?
Question 2.
What service is used to store and retrieve any amount of object data?
Question 3.
Which AWS service decouples components using message queues?
Question 4.
What AWS service is best for caching frequently accessed data?
Question 5.
Which service provides global DNS management?
Question 6.
Which AWS service handles time-series monitoring and alarms?
Question 7.
What service manages secrets like API keys securely?
Question 8.
Which AWS storage service is designed for long-term archival ?
Question 9.
What AWS service supports automatic deployment of infrastructure using templates?
Question 10.
What service allows real-time analysis of streaming data?
Question 11.
Which database service is fully managed and supports SQL engines like MySQL and PostgreSQL?
Question 12.
What AWS service helps detect threats using machine learning?
Question 13.
What service allows traffic distribution across multiple EC2 instances?
Question 14.
Which service is used to connect on-premises networks to AWS securely?
Question 15.
Which tool lets you manage EC2 patching, automation, and state config?
Question 16.
Which AWS service is used to manage access to AWS resources?
Question 17.
Which AWS service records API calls for your account?
Question 18.
Which service protects applications from DDoS attacks?
Question 19.
What tool is used for data classification and PII detection in S3?
Question 20.
What is used to restrict network traffic to EC2 instances?
Question 21.
Which AWS service helps classify and protect sensitive data?
Question 22.
Which AWS service provides centralized logging?
Question 23.
Which AWS service scans for vulnerabilities in EC2 instances?
Question 24.
Which AWS feature controls user access permissions?
Question 25.
Which AWS service provides real-time threat intelligence?
Question 26.
Which AWS service prevents SQL injection and XSS attacks?
Question 27.
Which AWS feature enforces MFA (Multi-Factor Authentication)?
Question 28.
What AWS service allows federated access to AWS accounts?
Question 29.
What AWS service scans S3 buckets for security risks?
Question 30.
Which AWS security tool allows private network connections to AWS services?
Question 32.
Which service helps you securely manage and rotate encryption keys?
Question 33.
Which AWS service automatically remediates security compliance violations?