Share credentials so a colleague can perform a task for you
Do not enable MFA for easier access
Answer is Don't use the root user account
You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For everyday and administrative tasks, use an IAM user with permissions.
Question 82
What are IAM Policies?
AWS services performable actions
JSON documents to define Users, Groups or Roles' permissions
Rules to set up a password for IAM Users
Answer is JSON documents to define Users, Groups or Roles' permissions
An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.
Question 83
Under the shared responsibility model, what is the customer responsible for in IAM?
Infrastructure security
Compliance validation
Configuration and vulnerability analysis
Assigning users proper IAM Policies
Answer is Assigning users proper IAM Policies
Customers are responsible for defining and using IAM policies.
Question 84
Which of the following statements is TRUE?
The AWS CLI can interact with AWS using commands in your command-line shell, while the AWS SDK can interact with AWS programmatically.
The AWS SDK can interact with AWS using commands in your command-line shell, while the AWS CLI can interact with AWS programmatically.
Answer is The AWS CLI can interact with AWS using commands in your command-line shell, while the AWS SDK can interact with AWS programmatically.
Question 85
Which principle should you apply regarding IAM Permissions?
Grant most privilege
Grant least privilege
Grant permissions if your employee asks you to
Restrict root account permissions
Answer is Grant least privilege
That's right! Don't give more permissions than the user needs.
Question 86
What should you do to increase your root account security?
Enable Multi-Factor Authentication (MFA)
Remove permissions from the root account
Use AWS only through the Command Line Interface (CLI)
Answer is Enable Multi-Factor Authentication (MFA)
You want to enable MFA in order to add a layer of security, so even if your password is stolen, lost or hacked, your account is not compromised.
Question 87
To install a PCI-compliant workload on AWS, which of the following tasks is required?
Use any AWS service and implement PCI controls at the application layer
Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to enable PCI compliance at the application layer
Use any AWS service and raise an AWS support ticket to enable PCI compliance on that service
Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer
Answer is Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer
Question 88
According to the AWS shared responsibility model, who is responsible for managing IAM user access and secret keys?
IAM access and secret keys are static, so there is no need to rotate them.
The customer is responsible for rotating keys.
AWS will rotate the keys whenever required.
The AWS Support team will rotate keys when requested by the customer.
Answer is The customer is responsible for rotating keys.
The customer is responsible for IAM user access and secret keys.
Question 89
Who is accountable for security and compliance under the AWS shared responsibility model?
The customer is responsible.
AWS is responsible.
AWS and the customer share responsibility.
AWS shares responsibility with the relevant governing body.
Answer is AWS and the customer share responsibility.
Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
Question 90
What is the customer's responsibility while using Amazon RDS?
Patching and maintenance of the underlying operating system.
Managing automatic backups of the database.
Controlling network access through security groups.
Replacing failed instances in the event of a hardware failure.
Answer is Controlling network access through security groups.
Use security groups to control what IP addresses or Amazon EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.