Security and Compliance Questions
Practice questions for Security and Compliance topic in AWS Certified CloudOps Engineer - Associate. 32 questions covering this domain.
An application creates IAM roles and immediately depends on those changes in a critical high-availability request path. Why is this design risky?
Amazon Inspector reports a vulnerability on an EC2 instance. Under which condition can Inspector lower its environment-specific risk score for that fi...
A security team wants to identify S3 buckets and IAM roles that are shared with principals outside the account or organization. Which AWS service shou...
A development team wants to remove hard-coded database passwords from application code and automatically rotate those credentials. Which AWS service s...
A company uses Amazon CloudFront and wants to deploy an ACM certificate for its distribution. In which AWS Region must that certificate be requested o...
A company needs a service that protects the highest-level encryption keys by keeping AWS KMS keys inside validated HSMs and never leaving the service ...
A security operations team enables GuardDuty and wants to know which data sources are analyzed automatically for foundational threat detection. Which ...
A compliance team needs continuous evaluation of AWS resource configurations and notifications when a resource violates an internal rule. Which servic...
A CloudOps engineer must allow auditors to access read-only views across multiple AWS accounts using their existing corporate identities. Which AWS se...
Which AWS service discovers, classifies, and protects sensitive data such as PII stored in Amazon S3 using machine learning?
A CloudOps engineer needs to investigate the root cause of a GuardDuty finding by visualizing related events across CloudTrail, VPC Flow Logs, and fin...
A team needs prebuilt sets of AWS Config rules and remediation actions aligned with industry frameworks like CIS or PCI DSS. Which AWS Config capabili...
An organization wants to enforce that no member account can disable AWS CloudTrail or modify its trails. Which capability is purpose-built for this gu...
A team must ensure that all newly created S3 buckets in any account block public access by default. Which combination of controls aligns with AWS guid...
Which AWS service centrally aggregates and prioritizes security findings from GuardDuty, Inspector, Macie, IAM Access Analyzer, and partner products?
Amazon CloudTrail must record S3 object-level read and write API activity in selected buckets for forensic analysis. Which feature should be enabled?
Which AWS KMS feature automatically rotates the backing key material for a customer-managed key on an annual basis without changing the key ID or alia...
A team wants to use a single AWS KMS key to encrypt data in one Region and then read that encrypted data in another Region without re-encryption. Whic...
Which AWS Config feature automatically applies remediation actions to non-compliant resources without manual intervention?
AWS Control Tower is being used to govern a multi-account AWS environment. The team wants to prevent any account from disabling AWS CloudTrail. Which ...
Sign in to see all 32 questions
Create a free account to browse all questions — completely free during our launch phase.