Module 9: Knowledge Check AWS Academy Cloud Architecting [102862]

Last updated 5:51 PM on 4/28/26

10 Terms

1

Which are characteristics of an AWS Identity and Access Management (IAM) group? (Select TWO.)

A) A group can belong to another group.

B) A user can belong to more than one group.

C) A group can have security credentials.

D) New users added to a group inherit the group's permissions.

E) Permissions in a group policy always override permissions in a user policy.

B, D - A user can belong to more than one group, New users added to a group inherit the group's permissions.

2

What is an advantage of using attribute-based access control (ABAC) over role-based access control (RBAC)?

A) ABAC requires less testing than RBAC.

B) ABAC permissions explicitly identify the resources that they protect.

C) ABAC will likely require fewer policies than RBAC.

D) ABAC permissions are more secure than RBAC permissions.

C - ABAC will likely require fewer policies than RBAC

3

A developer is a member of an AWS Identity and Access Management (IAM) group that has a group policy attached to it. The group policy allows access to Amazon S3 and Amazon EC2 and denies access to Amazon Elastic Container Service (Amazon ECS). The developer also has a user policy attached which allows access to Amazon ECS and Amazon CloudFront. Which option describes the user's access?

A) Access to Amazon ECS and Amazon CloudFront, but no access to Amazon S3 and Amazon EC2

B) Access to Amazon S3 and Amazon EC2, but no access to Amazon ECS and Amazon CloudFront

C) Access to Amazon S3, Amazon EC2, and Amazon CloudFront, but no access to Amazon ECS

D) Access to Amazon S3, Amazon EC2, Amazon ECS, and Amazon CloudFront

C - Access to Amazon S3, Amazon EC2, and Amazon CloudFront, but no access to Amazon ECS

4

What is a benefit of identity federation with the AWS Cloud?

A) It eliminates the need for defining permissions in AWS Identity and Access Management (IAM) to secure the access to AWS resources.

B) It centralizes the storage and management of user identities inside of the AWS Cloud.

C) It assigns roles to authenticated users to control their access to AWS resources.

D) It enables the use of an external identity provider to authenticate workforce users and give them access to AWS resources.

D - It enables the use of an external identity provider to authenticate workforce users and give them access to AWS resources

5

Which service enables identity federation for accessing a web application running in the AWS Cloud?

A) AWS CloudHSM

B) AWS WAF

C) Amazon Cognito

D) AWS Key Management Service (AWS KMS)

C - Amazon Cognito

6

Which service helps centrally manage billing, control access, compliance and security, and share resources across multiple AWS accounts?

A) AWS Systems Manager

B) AWS Organizations

C) AWS Identity and Access Management (IAM)

D) Amazon Cognito

B - AWS Organizations

7

A technology company has multiple production accounts grouped into a production organizational unit (OU) in AWS Organizations. The company wants to prevent all AWS Identity and Access Management (IAM) users in the production accounts from deleting AWS CloudTrail logs. How can a system administrator enforce this restriction?

A) Create an IAM policy and attach it to each IAM user in the production accounts.

B) Create a service control policy (SCP), and attach it to the production OU.

C) Create a tag policy and attach it to the production accounts.

D) Create an Amazon S3 bucket policy and associate with all buckets containing AWS CloudTrail logs.

B - Create a service control policy (SCP), and attach it to the production OU.

8

A developer is writing a client application that encrypts sensitive data using a data key before sending it to a server application. The client application sends the data key to the server application so that the server application can decrypt the sensitive information. The developer is concerned that the confidentiality of the sensitive data might be compromised if the data key is stolen. Which type of encryption should the developer use to fully protect the sensitive information?

A) Asymmetric encryption

B) Symmetric encryption

C) Server-side encryption

D) Envelope encryption

D - Envelope encryption

9

Which function does the AWS Key Management Service (AWS KMS) provide? (Select TWO.)

A) Authenticate external users

B) Create symmetric and asymmetric keys

C) Create AWS Identity and Access Management (IAM) access keys

D) Store encrypted data

E) Rotate Keys

B, E - Create symmetric and asymmetric keys, Rotate Keys

10

Which AWS service discovers and protects sensitive information stored on Amazon S3 in an AWS account?

A) AWS Audit Manager

B) Amazon Macie

C) Amazon Detective

D) AWS Resource Access Manager (AWS RAM)

B - Amazon Macie