Which TWO benefits does cloud security on AWS provide to customers?

Inheritance of AWS compliance certifications

Built-in encryption options for many services

Elimination of all customer security duties

Direct customer access to AWS hardware

Customers manage data center physical security

Which TWO statements correctly describe encryption options on AWS? (Select all that apply)

TLS protects data while it moves over networks

S3 server-side encryption protects stored objects

HTTPS is only used between AWS services internally

Encryption at rest only applies to backups

Encryption is unavailable for AWS managed databases

What is the primary purpose of AWS Config in a governance strategy?

Record resource configurations and changes

Detect account compromise activity

Store downloadable compliance reports

Block malicious network traffic patterns

Which task is the customer's responsibility under the AWS shared responsibility model?

Patching guest operating systems on EC2

Securing the global network backbone

Maintaining physical data center access

Replacing failed storage hardware units

Which TWO services help investigate suspicious sign-in activity on an account?

AWS Artifact compliance reports

AWS Pricing Calculator estimates

Which service generates IAM credential reports useful for access reviews?

AWS IAM credential report feature

AWS Security Hub findings console

Amazon Inspector vulnerability scans

AWS Audit Manager evidence reports

Why must a customer verify a service's compliance scope before storing patient data in AWS?

HIPAA eligibility for workloads varies by service

All AWS services meet healthcare requirements automatically

AWS assigns compliance eligibility per customer account

Compliance requirements apply only to network services

Practice: AWS Cloud Security, Governance, and Compliance

Authored by Wayground CTE

Information technology (IT)

9th Grade

Blooms Level: Remember covered

Practice: AWS Cloud Security, Governance, and Compliance

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

19 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which AWS service continuously monitors accounts for malicious activity using machine learning?

AWS Audit Manager

Amazon CloudWatch

Amazon Inspector

Amazon GuardDuty

Answer explanation

GuardDuty analyzes logs and network activity to detect threats using machine learning. Inspector scans workloads for software vulnerabilities, not malicious activity.

Tags

Blooms Level: Remember

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A developer enables HTTPS on a web application. Which encryption type is being used?

Encryption in transit

Tokenization of data

Client-side hashing

Encryption at rest

Answer explanation

HTTPS protects data moving between client and server, which is encryption in transit. Encryption at rest applies to stored data, such as an EBS volume.

Tags

Blooms Level: Apply

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which AWS service collects metrics and sends alarms for operational resource monitoring?

AWS Config

AWS CloudTrail

AWS Artifact

Amazon CloudWatch

Answer explanation

CloudWatch handles metrics, logs, and alarms for operational monitoring. CloudTrail is a common mix-up but tracks API activity, not performance metrics.

Tags

Blooms Level: Remember

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which service scans EC2 instances and container images for software vulnerabilities?

Amazon GuardDuty

AWS Security Hub

AWS Shield Standard

Amazon Inspector

Answer explanation

Inspector performs automated vulnerability assessments on workloads and container images. GuardDuty detects threats from account activity, not software flaws.

Tags

Blooms Level: Remember

MULTIPLE SELECT QUESTION

3 mins • 2 pts

Which TWO services help auditors review changes and activity in an AWS account?

Amazon Route 53

AWS CloudTrail

Amazon CloudFront

AWS Config

AWS Shield

Answer explanation

CloudTrail records API calls and Config tracks resource configuration changes. Together they support audit and governance reviews of account activity.

Tags

Blooms Level: Apply

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Where should a compliance officer download an SOC 2 report for an external audit?

AWS Audit Manager

AWS Security Hub

AWS Artifact

AWS Trusted Advisor

Answer explanation

Artifact is the self-service portal for AWS compliance reports and agreements. Audit Manager helps build your own audit evidence, not download AWS-issued reports.

Tags

Blooms Level: Apply

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which statement best describes the AWS approach to compliance across services?

Only EC2 services hold compliance certifications

Compliance scope varies by individual AWS service

All AWS services share identical compliance certifications

Compliance applies only in the United States

Answer explanation

Each AWS service is certified against specific frameworks; not every service holds every certification. Customers must verify service-level scope before assuming coverage.

Tags

Blooms Level: Understand

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

10 questions

Identify Fractions, Mixed Numbers & Improper Fractions

Quiz

•

3rd - 4th Grade

Discover more resources for Information technology (IT)

20 questions

Cartoon Characters!

Quiz

•

KG - 5th Grade

10 questions

Movie Trivia

Quiz

•

KG - 2nd Grade

15 questions

Memorial Day Trivia

Quiz

•

KG - 12th Grade

12 questions

Name that Candy

Quiz

•

KG - 12th Grade

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

20 questions

Guess that Disney

Quiz

•

KG - 5th Grade

16 questions

cartoons

Quiz

•

KG - 6th Grade

16 questions

Fun Fun Fun Fun!!!!!!!!!!!!!!

Quiz

•

KG - 5th Grade

Practice: AWS Cloud Security, Governance, and Compliance

Which AWS service continuously monitors accounts for malicious activity using machine learning?

GuardDuty analyzes logs and network activity to detect threats using machine learning. Inspector scans workloads for software vulnerabilities, not malicious activity.

A developer enables HTTPS on a web application. Which encryption type is being used?

HTTPS protects data moving between client and server, which is encryption in transit. Encryption at rest applies to stored data, such as an EBS volume.

Which AWS service collects metrics and sends alarms for operational resource monitoring?

CloudWatch handles metrics, logs, and alarms for operational monitoring. CloudTrail is a common mix-up but tracks API activity, not performance metrics.

Which service scans EC2 instances and container images for software vulnerabilities?

Inspector performs automated vulnerability assessments on workloads and container images. GuardDuty detects threats from account activity, not software flaws.

Which TWO services help auditors review changes and activity in an AWS account?

CloudTrail records API calls and Config tracks resource configuration changes. Together they support audit and governance reviews of account activity.

Where should a compliance officer download an SOC 2 report for an external audit?

Artifact is the self-service portal for AWS compliance reports and agreements. Audit Manager helps build your own audit evidence, not download AWS-issued reports.

Which statement best describes the AWS approach to compliance across services?

Each AWS service is certified against specific frameworks; not every service holds every certification. Customers must verify service-level scope before assuming coverage.

Which service centralizes security findings from GuardDuty, Inspector, and Macie into one dashboard?

Security Hub aggregates findings across security services into a unified view. CloudWatch monitors performance metrics, not consolidated security findings.

Which TWO benefits does cloud security on AWS provide to customers?

Customers inherit AWS controls and can enable native encryption features. AWS still owns physical security, and customers keep responsibility for their data.

Which service automates the collection of evidence for compliance audits?

Audit Manager continuously collects evidence mapped to compliance frameworks. Artifact only provides AWS-issued compliance reports for download, not automated evidence collection.

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Information technology (IT)