Infrastructure Security Questions
Practice questions for Infrastructure Security topic in AWS Certified Security - Specialty. 36 questions covering this domain.
A company must identify unintended network access paths relative to its security requirements and demonstrate compliance with segmentation rules. Whic...
Which statement accurately describes the protection scope of AWS Shield Standard and AWS Shield Advanced?
A company wants to verify that all network paths between certain resources and internet gateways include expected controls such as network firewalls a...
A company wants to attach AWS WAF protection directly to a supported application entry point. Which resource can AWS WAF protect?
A security team wants centralized visibility into all application access attempts to support investigations and audits while enforcing a zero-trust st...
A company wants an analysis that flags paths from an internet gateway to network interfaces, except for approved web servers that are a legitimate exc...
Which statement about AWS Shield Standard is correct?
A security engineer creates an AWS WAF web ACL that matches requests from untrusted IP addresses. How can the protected service respond when a request...
A company wants to remove its VPN requirement for access to internal web applications and evaluate each access request in real time by using identity ...
Which AWS WAF managed rule group blocks requests from IP addresses identified by the Amazon threat intelligence team as actively engaged in malicious ...
A team needs to mirror network packets from a specific Amazon EC2 elastic network interface to a security analysis tool for deep packet inspection. Wh...
Which Amazon Route 53 feature blocks DNS queries from VPC resources to known malicious or unwanted domains using AWS-managed and custom domain lists?
A multi-account organization needs centralized egress inspection for all VPC traffic going to the internet, including IDS/IPS and domain filtering. Wh...
A security team wants centralized configuration of AWS WAF, AWS Shield Advanced, security groups, and AWS Network Firewall across an organization, inc...
An application uses an Application Load Balancer with AWS WAF. The team wants WAF logs delivered for long-term analysis with the lowest cost and full ...
Which AWS service is a managed network firewall that provides stateful inspection, intrusion prevention (IPS), and domain-name filtering at the VPC le...
An application team wants traffic between an EC2 instance and Amazon S3 in the same Region to remain on the AWS network without traversing the interne...
An ALB must terminate TLS using a certificate generated by an internal private CA. Which AWS-native combination is recommended?
A company wants to block all outbound DNS requests from its VPCs to the internet except for allowed domain categories. Which AWS-native service provid...
A company's Amazon EKS cluster runs workloads in a private VPC. The team wants to ensure that container images used in the cluster are scanned for kno...
Sign in to see all 36 questions
Create a free account to browse all questions — completely free during our launch phase.