COURSE 2 – ADDRESSING SECURITY RISK QUIZ ANSWERS

Week 1

Coursera AWS Fundamentals Specialization

INTRODUCTION

We will review some basic concepts such as “least privilege” and the “Shared Responsibility Model.” You will learn about AWS compliance programs and look at securing AWS accounts using AWS IAM.

WEEK 1 QUIZ 1

1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username and password combination?

  • Transport Layer Protocol or TCP
  • Multi-factor Authentication or MFA (CORRECT)
  • Iris Scan Service or ISS
  • Secure Bee Service or SBS

2. If a user wanted to read from a DynamoDB table, what policy would you attach to their user profile?

  • AmazonDynamoDBFullAccess
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess (CORRECT)
  • AWSLambdaDynamoDBExecutionRole

3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

  • Blizzard Authenticator
  • AWS IoT button
  • Gemalto token (CORRECT)
  • YubiKey (CORRECT)
  • Google Authenticator (CORRECT)

4. What format is an Identity and Access Management policy document in?

  • XML
  • HTML
  • CSV
  • JSON (CORRECT)

5. Which are valid options for interacting with your AWS account? Select all that apply.

  • Command Line Interface (CORRECT)
  • Software Development Kit (CORRECT)
  • Application Programming Interface (CORRECT)
  • AWS Console (CORRECT)

WEEK 1 QUIZ 2

1. Which solution below grants AWS Management Console access to a DevOps engineer?

  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create a user for the security engineer in AWS Cognito User Pool
  • Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user (CORRECT)
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to these IAM roles

2. Which of these IAM policies cannot be updated by you?

  • managed policy (CORRECT)
  • customer managed policy
  • inline policy
  • group policy

3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?

  • Amazon Cognito
  • AWS SSO
  • IAM
  • AD Connector (CORRECT)

4. What is the main difference between Cognito User Pool and Cognito Identity Pool?

  • User Pool cannot use public identity providers (e.g., Facebook, Amazon, …) while Identity Pool can
  • Identity Pools provide temporary AWS credentials (CORRECT)
  • Only User Pools have a feature to enable MFA
  • User Pools support both authenticated and unauthenticated identities

5. How do you audit an IAM user’s access to your AWS accounts and resources?

  • Using CloudTrail to look at the API call and timestamp (CORRECT)
  • Using CloudWatch event to notify you when an IAM user signs in
  • Using AWS Config to notify you when IAM resources are changed
  • Use Trusted Advisor to show a list of sign-in events from all users

CONCLUSION

TBW