Security Foundations and Governance Questions
Practice questions for Security Foundations and Governance topic in AWS Certified Security - Specialty. 28 questions covering this domain.
A platform team wants a configurable account template that standardizes the provisioning of new AWS accounts with pre-approved configurations inside a...
A team wants a single CloudFormation template to deploy baseline security resources consistently across multiple AWS accounts and Regions from a centr...
A compliance team wants a service that uses prebuilt frameworks, automatically collects evidence for in-scope AWS accounts on an ongoing basis, and he...
An auditor asks for AWS compliance reports and agreements that can be downloaded at no additional cost and submitted as audit artifacts. Which AWS ser...
A company is scaling its AWS environment and wants the recommended boundary for permission, security, costs, and workloads, while centrally creating a...
A management account administrator attaches a restrictive service control policy at the organization root and expects it to limit permissions in the m...
A team writes an SCP and assumes that it will grant the permissions users need as long as the SCP allows those actions. Why is this assumption incorre...
A team wants AWS Trusted Advisor to surface security checks beyond the seven core checks available at the basic support level. Which prerequisite is r...
A compliance team needs to deploy a baseline set of resources (CloudTrail trail, Config recorder, IAM password policy) consistently to every account i...
A platform team wants developers to self-service launch only pre-approved, security-vetted infrastructure templates (with parameter constraints and IA...
Which AWS Control Tower feature applies preventive and detective rules across all accounts in a Control Tower organization, mapped to controls like CI...
An organization deploys workloads across multiple Regions and accounts, and wants AWS to provide an opinionated multi-account environment with org set...
Auditors require evidence that an organization's AWS environment meets a specific compliance framework, with controls automatically mapped to AWS data...
Which AWS service consolidates AWS Config configuration and compliance data from many accounts and Regions into a single account view?
A company creates a new AWS account through AWS Control Tower Account Factory. The account is automatically enrolled in the organization and the landi...
A compliance officer requests evidence that a specific Amazon EC2 instance maintained its approved configuration (no open ports other than 443) over t...
Which AWS service provides a centralized catalog of prebuilt and custom security and operational controls mapped to frameworks such as NIST CSF, CIS, ...
A company uses AWS Organizations. An SCP at the root OU allows all services, but an SCP on a child OU denies EC2 actions. A developer in an account wi...
A team uses AWS Organizations and wants to prevent any member account from leaving the organization without management account approval. Which SCP act...
A large enterprise wants a managed solution that automatically provisions a secure multi-account AWS environment, enrolls new accounts with a pre-appr...
Sign in to see all 28 questions
Create a free account to browse all questions — completely free during our launch phase.