AWS, cloud, ~20 mins

Security pillar principles in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding the Principle of Least Privilege

Which option best describes the principle of least privilege in cloud security?

A. Access is granted only during business hours regardless of role.
B. All users have full access to all resources to ensure flexibility.
C. Users and systems are given only the permissions they need to perform their tasks, no more.
D. Permissions are granted based on the user's seniority in the company.
💡 Hint

Think about minimizing access to reduce risk.

Architecture
intermediate
Designing Secure Network Architecture

You want to design a secure network architecture in AWS. Which option correctly describes the use of security groups?

A. Security groups act as virtual firewalls controlling inbound and outbound traffic at the instance level.
B. Security groups automatically back up EC2 instances every hour.
C. Security groups are used to encrypt data stored in S3 buckets.
D. Security groups manage user permissions for AWS Management Console access.
💡 Hint

Think about controlling traffic to and from servers.

Security
advanced
AWS IAM Role Usage for Secure Access

Which option correctly explains why using AWS IAM roles is more secure than using long-term access keys?

A. IAM roles provide temporary credentials that automatically expire, reducing risk if compromised.
B. IAM roles allow unlimited access to all AWS services without restrictions.
C. IAM roles require manual rotation of credentials every 30 days.
D. IAM roles store user passwords securely in AWS Secrets Manager.
💡 Hint

Think about credential lifespan and risk.

Best Practice
advanced
Implementing Multi-Factor Authentication (MFA)

What is the main security benefit of enabling Multi-Factor Authentication (MFA) on AWS accounts?

A. It automatically encrypts all data stored in AWS S3 buckets.
B. It requires users to provide two or more verification factors, making unauthorized access much harder.
C. It disables password login and allows only biometric access.
D. It grants users temporary admin privileges during login.
💡 Hint

Think about adding extra steps to prove identity.

Service Behavior
expert
AWS CloudTrail Behavior for Security Auditing

Which option correctly describes the behavior of AWS CloudTrail in relation to security auditing?

A. CloudTrail encrypts data at rest in S3 but does not log any API activity.
B. CloudTrail automatically blocks unauthorized API calls in real-time without user intervention.
C. CloudTrail manages user permissions and access control policies for AWS resources.
D. CloudTrail records API calls and events across AWS accounts, enabling detailed auditing of user and service activity.
💡 Hint

Think about tracking what actions happen in your AWS account.