Security and Compliance Questions
Practice questions for Security and Compliance topic in AWS Certified DevOps Engineer - Professional. 32 questions covering this domain.
An application team wants to remove hard-coded database credentials from source code and rotate them automatically on a schedule. Which AWS service sh...
A security engineer wants a service that automatically discovers EC2 instances, ECR container images, and Lambda functions, continually scans them for...
When Amazon GuardDuty is enabled in an AWS account, which foundational data sources does it start ingesting automatically?
A security team wants a service that discovers sensitive data in Amazon S3 by using machine learning and pattern matching and then generates findings....
A development team wants secret rotation without redeploying applications every time credentials change. Which Secrets Manager behavior makes this pos...
A security operations team wants to automatically update or route findings when specific security checks fail and trigger downstream automated respons...
A security leader wants one delegated administrator account to centrally manage vulnerability scanning across all accounts in an AWS Organization and ...
A security architect needs to identify Amazon S3 buckets and IAM roles that are shared with principals outside the organization's zone of trust. Which...
A security program wants one place to aggregate findings from GuardDuty, Inspector, Macie, and supported third-party products while also running check...
A team wants to delegate temporary, scoped use of a specific KMS key to another principal without modifying the key policy. Which mechanism should the...
Which AWS WAF rule action allows the request to proceed but logs and increments matched-rule metrics for visibility?
A security engineer wants Amazon GuardDuty to detect malware on Amazon EC2 instances and container workloads by scanning attached EBS volumes when Gua...
A compliance program needs a service that continuously collects evidence from AWS resources and maps it to controls in frameworks such as PCI DSS, HIP...
Which AWS KMS feature enables automatic yearly rotation of cryptographic key material for symmetric customer-managed keys?
A security operations engineer wants to launch a Systems Manager Automation runbook directly from the AWS Security Hub console for selected findings. ...
A compliance team wants to deploy a curated bundle of AWS Config rules and remediation actions across many accounts in AWS Organizations from a centra...
An organization needs an AWS-managed private certificate authority hierarchy with a root CA and subordinate CAs to issue private TLS certificates to i...
A compliance team wants all Amazon S3 buckets in an AWS Organization to have server-side encryption enabled. They want noncompliant buckets identified...
A team wants to prevent any developer from creating IAM users with the `CreateLoginProfile` action in any account in their AWS Organization, while sti...
Which AWS service provides a managed threat detection service that continuously analyzes CloudTrail management events, VPC Flow Logs, and DNS logs to ...
Sign in to see all 32 questions
Create a free account to browse all questions — completely free during our launch phase.