Security Advanced

WAF, Shield, GuardDuty, Macie, Inspector, Secrets Manager, and advanced security patterns.

  1. Question 1. A company hosts a public-facing web application behind an Application Load Balancer. They want to block common web exploits such as SQL injection and cross-site scripting (XSS). Which AWS service should they use?
  2. Question 2. A company needs to rate-limit API requests from individual IP addresses to prevent abuse of their API Gateway endpoint. They also want to automatically block IPs that exceed 2,000 requests in a 5-minute window. Which solution is MOST effective?
  3. Question 3. A financial services company needs protection against sophisticated DDoS attacks with 24/7 access to the AWS DDoS Response Team (DRT) and cost protection for scaling during an attack. Which service tier should they subscribe to?
  4. Question 4. A company subscribes to AWS Shield Advanced and experiences a volumetric DDoS attack that causes their Auto Scaling group to scale out significantly, increasing EC2 costs by $15,000. How can they recover these costs?
  5. Question 5. A security team wants to continuously monitor their AWS accounts for malicious activity such as unauthorized API calls, cryptocurrency mining on EC2 instances, and compromised credentials. Which service provides this intelligent threat detection?
  6. Question 6. A company enables GuardDuty across all accounts in their AWS Organization. They want to automatically remediate findings such as disabling compromised IAM access keys. Which integration should they implement?
  7. Question 7. A healthcare company stores patient records in Amazon S3 and needs to automatically discover and classify sensitive data such as personally identifiable information (PII) and protected health information (PHI). Which service should they use?
  8. Question 8. A company uses Amazon Macie to scan S3 buckets for sensitive data. They need to detect a custom data pattern (internal employee IDs in the format EMP-XXXXXX) that Macie does not recognize by default. How should they configure Macie?
  9. Question 9. A company needs to automatically scan their EC2 instances and container images in ECR for software vulnerabilities and unintended network exposure. Which service provides this automated vulnerability management?
  10. Question 10. A DevOps team wants to integrate vulnerability scanning into their CI/CD pipeline so that container images with critical vulnerabilities are blocked from being deployed to ECS. Which approach uses Amazon Inspector?
  11. Question 11. A development team hard-codes database credentials in their application configuration files. The security team requires that credentials be stored securely and rotated automatically every 30 days. Which service should they use?
  12. Question 12. A company uses AWS Secrets Manager to store RDS database credentials. They enable automatic rotation with a 30-day schedule. During the first rotation, the application experiences a brief connection failure. What is the MOST likely cause and recommended fix?
  13. Question 13. A company needs to provision and manage SSL/TLS certificates for their Application Load Balancer and CloudFront distribution at no additional cost. Which service should they use?
  14. Question 14. A company needs to use an ACM certificate with a CloudFront distribution. The certificate must cover both example.com and *.example.com. In which Region must the ACM certificate be created?
  15. Question 15. A company uses GuardDuty, Inspector, Macie, and Firewall Manager across multiple accounts. They need a single pane of glass to view and prioritize all security findings with automated compliance checks against CIS AWS Foundations Benchmark. Which service provides this?
  16. Question 16. A company enables AWS Security Hub with the AWS Foundational Security Best Practices standard. They want to automatically remediate failed checks, such as enabling S3 bucket encryption when it is found disabled. Which architecture should they implement?
  17. Question 17. A company uses AWS WAF on their CloudFront distribution. They want to allow requests only from specific countries and block all others, while also protecting against known malicious IP addresses. Which combination of WAF rules should they configure?
  18. Question 18. A multi-account organization needs to share a database secret stored in Secrets Manager in Account A with a Lambda function in Account B. What is the recommended approach?
  19. Question 19. Amazon GuardDuty generates a finding of type 'CryptoCurrency:EC2/BitcoinTool.B!DNS' for an EC2 instance. What does this finding indicate, and what is the recommended immediate action?
  20. Question 20. A company uses Amazon Inspector to scan their EC2 fleet. They receive a critical finding for CVE-2023-XXXXX on 50 instances running Amazon Linux 2. They need to patch all affected instances with minimal downtime. Which approach is MOST operationally efficient?