Network Security, Compliance, and Governance Questions
Practice questions for Network Security, Compliance, and Governance topic in AWS Certified Advanced Networking - Specialty. 48 questions covering this domain.
A security analyst wants to diagnose whether an overly restrictive security group is blocking traffic to an instance. Which AWS feature is explicitly ...
An organization wants one service to subscribe all member accounts in AWS Organizations to AWS Shield Advanced, automatically include new in-scope acc...
Which inspection engine does AWS Network Firewall use for stateful inspection?
Which statement about AWS Shield Standard is correct?
During an incident, a TCP SYN flood is exhausting connection state on load balancers and firewalls. In AWS Shield terminology, what class of attack is...
A security team wants higher levels of DDoS protection than the automatically included AWS protection provides. Which service should the team subscrib...
A company must inspect outbound VPC traffic, allow traffic only to known AWS service domains or IP endpoints, and block access to a custom list of kno...
An organization frequently adds new CloudFront distributions and wants a central service that can automatically apply protections to matching resource...
A security engineer wants a web request filtering service that can allow a request, return an HTTP 403 response, or send a custom response based on cr...
A SOC needs packet copies for threat monitoring, and it wants capture to occur at the elastic network interface where it cannot be disabled or tampere...
A company needs to protect an Application Load Balancer backed web application from common web exploits by filtering HTTP requests based on source IP ...
A security team needs a service that can perform deep packet inspection on traffic entering or leaving a VPC and can use stateful protocol detection t...
An organization uses AWS Resource Access Manager (RAM) to share a Transit Gateway across accounts in AWS Organizations. What does RAM enable in this s...
A company must enforce that only specific accounts and roles can connect to a particular AWS PrivateLink endpoint service. Which mechanism enforces th...
Which AWS WAF rule type counts requests over a five-minute window from a source IP and triggers an action when the count exceeds the configured thresh...
Which AWS service centrally manages firewall rules across multiple AWS accounts and resources for AWS WAF, AWS Network Firewall, AWS Shield Advanced, ...
A regulated workload requires that traffic between an on-premises router and AWS over Direct Connect be encrypted and that the encryption be terminate...
An ALB-fronted application is being targeted by an HTTP flood that rotates through millions of source IPs, exceeding standard rate-based rule effectiv...
Which feature lets Route 53 sign records in a public hosted zone and provide cryptographic assurance against DNS spoofing for resolvers that validate ...
An ACM-issued public certificate must be used with an Amazon CloudFront distribution. In which Region must the certificate be requested or imported?
Sign in to see all 48 questions
Create a free account to browse all questions — completely free during our launch phase.