AWS Shared Responsible Model
AWS Identity & Access Management (IAM)
Protect your infrastructure from DDoS attacks
Q1 - How would an AWS customer easily apply common access controls to a large set of users?
A. Apply an IAM policy to an IAM group.
B. Apply an IAM policy to an IAM role.
C. Apply the same IAM policy to all IAM users with access to the same workload.
D. Apply an IAM policy to an Amazon Cognito user pool.
Q2 - Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.)
A. Ensuring that application data is encrypted at rest
B. Ensuring that AWS NTP servers are set to the correct time
C. Ensuring that users have received security training in the use of AWS services
D. Ensuring that access to data centers is restricted
E. Ensuring that hardware is disposed of properly
Q3 - Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking?
A. Amazon RDS
B. Amazon EC2
C. Amazon ElastiCache
D. AWS Fargate
Q4 - Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management?
A. AWS manages the data stored in Amazon RDS tables.
B. AWS manages the maintenance of the operating system.
C. AWS automatically scales up instance types on demand.
D. AWS manages the database type.
Q5 - Which of the following is a component of the shared responsibility model managed entirely by AWS?
A. Patching operating system software
B. Encrypting data
C. Enforcing multi-factor authentication
D. Auditing physical data center assets
Q6 - Which of the following tasks is the responsibility of AWS?
A. Encrypting client-side data
B. Configuring AWS Identity and Access Management (IAM) roles
C. Securing the Amazon EC2 hypervisor
D. Setting user password policies
Q7 - According to the AWS shared responsibility model, what is the sole responsibility of AWS?
A. Application security
B. Edge location management
C. Patch management
D. Client-side data
Q8 - Which AWS IAM feature is used to associate a set of permissions with multiple users?
A. Multi-factor authentication
C. Password policies
D. Access keys
Q9 - Which of the following services provides on-demand access to AWS compliance reports?
A. AWS IAM
B. AWS Artifact
C. Amazon GuardDuty
D. AWS KMS
Q10 - As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS?
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management
AWS Shared Responsibility Model* https://aws.amazon.com/compliance/shared-responsibility-model/
AWS IAM* https://aws.amazon.com/iam/
Amazon Inspector https://aws.amazon.com/inspector/
AWS Shield https://aws.amazon.com/shield/
AWS Compliance Center https://atlas.aws/
AWS Artifact https://aws.amazon.com/artifact/
AWS DDoS Best practice https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
Amazon GuardDuty https://aws.amazon.com/guardduty/
AWS Config https://aws.amazon.com/config/
AWS Trusted Advisor Best Practice https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/
AWS Shield Standard vs Advanced https://console.aws.amazon.com/wafv2/shield?#/ddp/onboard/info
How AWS Shield works https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html