aws test quiz 9th - 12th Grade Quiz

1.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your architecture consists of an Application Load Balancer front, an Auto Scaling Group of EC2 instances, backed by an RDS database. Your security team has notified you of cross-site scripting attacks and also SQL injection attacks on the application. You have been asked to take steps to quickly mitigate these attacks. What steps should you take?

Using the AWS WAF service, set up rules which block SQL injection, and cross-site scripting attacks. Associate the rules to the ALB.

Use Amazon Inspector to detect these attacks and manually block the IP addresses from which these attacks come.

Immediately block the offending IP addresses on the NACL.

Configure Amazon GuardDuty to prevent these attacks.

2.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a doctor's surgery in New York City that has thousands of patients. The patients data is stored on-premises, but the backups need to be stored on S3 in the most secure way possible. Which of the following is the most secure way of achieving this?

Encrypt the data locally using your own encryption keys. Upload the data to AWS S3 using HTTP. Use AES 256 server side encryption on the S3 bucket to encrypt the bucket.

Store the data on AWS Fargate and use server-side encryption to encrypt the backups.

Upload the backups directly to a public S3 bucket.

Encrypt the data locally using your own encryption keys. Upload the data to AWS S3 using HTTPS. Use AES 256 server-side encryption on the S3 bucket to encrypt the bucket.

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You have a web application running on an Amazon EC2 instance in a Virtual Private Cloud (VPC). You want to allow external users to access your web server over HTTP (port 80) while keeping your server secure. Which of the following actions should you take regarding the associated security group?

Create an inbound rule in the security group that allows incoming traffic on port 80 from your office IP address.

Create an inbound rule in the security group that allows incoming traffic on port 80 from 0.0.0.0/0 (any IP address).

Create an outbound rule in the security group that allows outgoing traffic on port 80 to 0.0.0.0/0 (any IP address) and configure an inbound rule for responses.

You do not need to add rules, by default security groups allow all inbound traffic.

4.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

You are developing an application that will run on EC2 and requires secure access to a backend RDS (Relational Database Service) running on MySQL. The application needs to utilize credentials to access the RDS database while ensuring communication between the application and RDS is encrypted. What is the most secure method of doing this?

Create a Lambda function which creates an IAM user for the EC2 instances running the application to use, hard code the credentials into the application. Have the Lambda function reset the password for the IAM user every 6 hours and update the code in the application. Download the certificate bundle for the AWS Region where the RDS database resides and import this into the EC2 instance used for the application. Modify the parameter group for the MySQL RDS instance to set the require_secure_transport parameter to ON.

Create an IAM user with the necessary permissions to access the RDS database. Configure a credentials file on the EC2 instance running the application so the application can read the credentials from this file when needing to authenticate to the RDS database. Download the certificate bundle for the AWS Region where the RDS database resides and import this to the EC2 instance used for the application. Modify the parameter group for the Microsoft SQL Server RDS instance to set the force ssl flag to on.

Enable IAM Database Authentication on the MySQL RDS instance, create an IAM Role for RDS access, and then associate the IAM role with a database user in RDS. Download the certificate bundle for the AWS Region where the RDS database resides and import this into the EC2 instance used for the application. Modify the parameter group for the MySQL RDS instance to set the require_secure_transport parameter to ON.

Create an IAM User with the necessary permissions to access the RDS database. Configure a credentials file on the EC2 instance running the application, so the application can read the credentials from this file when needing to authenticate to the RDS database. Download the certificate bundle for the AWS Region where the RDS database resides and import this to the EC2 instance used for the application. Modify the parameter group for the MySQL RDS instance to set the require_secure_transport parameter to ON.

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A news media company is using an S3 bucket as a website to serve photos of television personalities within the company. The photos are intended to be served nationwide to local affiliates across the company, but you have found that these photos are being accessed and pirated for other websites not affiliated with the company. What can you do to stop this?

Use CloudFront on the front end to serve the photos.

Remove public read access from your bucket, then provide your users with presigned URLs to access the photos.

Set up an RDS database to store the photos. Make users register and log in to the site.

Use a Network Access Control List (NACL) to block the IP address of unauthorized users.

6.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a real estate company that hosts some production services on AWS. Unfortunately, a junior system administrator leaves a CSV file containing Personally Identifiable Information (PII) about the businesses customers on a public S3 bucket. You need to prevent this from happening in the future. What AWS service uses machine learning (ML) and pattern matching to discover and protect PII?

Amazon GuardDuty

Amazon Macie

AWS Shield

AWS CloudTrail

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Jessica is a Database Administrator who has been given the task to migrate all the team Oracle databases running on on-premises virtual machines to the AWS cloud. During the migration efforts, it was requested that she find an automated way to convert to using an Amazon Aurora PostgreSQL database instead of Oracle as well as replicating any ongoing transactions during the migration itself.

Which AWS service configurations would Jessica use in this scenario?

Manually convert the Oracle database to PostgreSQL on-premises. Use AWS MGN to migrate the server to the AWS cloud. Then, create an AWS DMS task to replicate data changes only and configure the source as the on-premises PostgreSQL database VM and the target as the Amazon EC2 instance running PostgreSQL.

Use the Amazon Aurora Serverless migration conversion tool to easily convert to a PostgreSQL database during the migration.

Create a new AWS DMS task using the Migrate existing data and replicate ongoing changes (CDC) option to migrate to AWS while capturing changed data.

Use the AWS DMS SCT to enable CDC on the migration task so that changed data is captured during the migration efforts.

8.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A small financial technology company has decided to migrate all infrastructure to AWS. They do not have the budget to properly plan and refactor their infrastructure to fit AWS, so they have decided simply to lift-and-shift everything for now. The CEO and CTO have required that all on-premises applications and infrastructure be moved into AWS by end of year, and they will refactor at a later date.

Which solution is the best fit for their migration needs?

Use AWS DMS to migrate all infrastructure to AWS. Then use the AWS SCT to automatically refactor applications to make the best use of the AWS services.

Use AWS MGN to automate the process of lifting and shifting all infrastructure to AWS.

Use AWS MGN to automate the process of lifting and shifting all infrastructure to AWS, and enable the 'Refactor During Migration' option to automatically refactor applications to make the best use of the AWS service.

Use AWS DMS to migrate all infrastructure to AWS.

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a medium-sized retail outlet that uses a payment processing system with a backend on AWS. Recently, you had an outage and you need to provision some AWS services locally on-site at each retail branch. This will consist of a small application that will process the transaction on-site and then transmit the processed transaction to the AWS backend when there is internet connectivity. If there is no connectivity, it will wait until there is and then transmit the transaction. You need to design a solution that will bring AWS on-site to the retail locations. The solution needs to account for the small physical space available in some of the stores. Which AWS service would achieve this?

AWS Outposts servers

Amazon S3 File Gateway

AWS Storage Gateway

AWS Outposts rack

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Your company has decided to begin migration efforts from on-premises data centers to the AWS cloud. Currently, the data centers host several virtual machines, including vSphere VMs and Hyper-V VMs. You have been asked to find the easiest and most efficient method of migrating all the VMs to AWS as Amazon EC2 AMIs, while also minimizing the potential downtime.

Which AWS service is the best fit for this?

Enable AWS DMS to incrementally perform migrations of all VMs in the data center.

Use AWS Refactor Service (AWS RFS) to incrementally perform migrations of all VMs in the data center.

Start the process via AWS Migration Hub to incrementally perform migrations of all VMs in the data center to AWS as AMIs for Amazon EC2.

Leverage the AWS Application Migration Service to incrementally perform migrations of all VMs in the data center to AWS as AMIs for Amazon EC2.

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Computers