Free AWS Practice Test PDF
Download a free AWS practice test PDF with 30 questions, answers and explanations, then continue with online mock exams.
Free AWS PDF with 30 questions
Print it, save it, or use it as a quick cram sheet before taking a timed mock exam.
Download PDF
The PDF includes 30 AWS questions with answers and explanations.
Try AWS questions now
Q1A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database.<br/><br/>What is the MOST efficient way to apply the security patches?
Show answer
✓ Correct answer: Enable automatic patching for the instances using the Amazon RDS console
Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often involves updates to the DB instance's underlying hardware, underlying operating system (OS), or database engine version. Updates to the operating system most often occur for security issues and should be done as soon as possible.<br/><br/>Required patching is automatically scheduled only for patches that are related to security and instance reliability. Such patching occurs infrequently (typically once every few months) and seldom requires more than a fraction of your maintenance window.<br/><br/><img src="asset:assets/questions/7a77e37196bbb338.jpg"><br/><br/>All you need to do to get enable patching is specify the maintenance window in which the patching will take place. This can be done at instance creation time or at any time afterwards.<br/><br/><strong>CORRECT: </strong>"Enable automatic patching for the instances using the Amazon RDS console" is the correct answer.<br/><br/><strong>INCORRECT:</strong> "Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor" is incorrect. Amazon RDS is a managed service and you do not need to do this manually.<br/><br/><strong>INCORRECT:</strong> "In AWS Config, configure a rule for the instances and the required patch level" is incorrect. This service is used for auditing and evaluating resource configurations.<br/><br/><strong>INCORRECT:</strong> "Use AWS Systems Manager to automate database patching according to a schedule" is incorrect. Systems Manager can be used to manage EC2 instances but it cannot be used to patch RDS instances.
Q2Security and Compliance is a shared responsibility between AWS and the customer. <br/><br/>Which amongst the below-listed options are AWS responsibilities? (Select TWO)
Show answer
✓ Correct answer: Security of the AWS cloud
Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS). Hence this is the customer's responsibility. AWS is responsible for patching and fixing flaws within the infrastructure. But customers are responsible for patching their guest OS and applications. Security of the data in the cloud is the customer's responsibility. Security of the cloud is AWS’s responsibility. AWS is responsible for patching and fixing flaws within the infrastructure.
Q3Which of the following services can be used to block network traffic to an instance? (Select TWO.)
Show answer
✓ Correct answer: Security groups
<a target="_blank" href="https://www.bing.com/aclick?ld=e86ns1BXUKxOqC12wno4QM7zVUCUxFxCkVSzlpCGKPTw7gOpC2OQ8CwOPmuxKsVjqHvqd76tBdqhoBKF-DuTEkVCrALAWRuQDzt1TU-iEmT5dBtyQAkZqW_ZiTLgz5arvhGnyHbQ8HEpwO0f96vMzvm69X0Ygb2wAzzZtkeP_DJ4wCgT3XLh_0GMGvdUThJwR3agDV4WHOVdE3mW5HVVIYD1DShts_ej5S3BP4U2jYm_QuUyS0-kIuhEg6YDE9oH1OQNapyM44toat-sX7-1rl8r_gy2E&u=aHR0cHMlM2ElMmYlMmZhd3MuYW1hem9uLmNvbSUyZmZyZWUlMmYlM2ZhbGwtZnJlZS10aWVyLnNvcnQtYnklM2RpdGVtLmFkZGl0aW9uYWxGaWVsZHMuU29ydFJhbmslMjZhbGwtZnJlZS10aWVyLnNvcnQtb3JkZXIlM2Rhc2MlMjZhd3NmLkZyZWUlMjUyMFRpZXIlMjUyMFR5cGVzJTNkKmFsbCUyNmF3c2YuRnJlZSUyNTIwVGllciUyNTIwQ2F0ZWdvcmllcyUzZGNhdGVnb3JpZXMlMjUyM2NvbXB1dGUlMjZ0cmslM2RiNTI4YWY3NC02NDUzLTQ4ZmMtYjVlMy00ZDBmZjU3ZDFmMjMlMjZzY19jaGFubmVsJTNkcHMlMjZzX2t3Y2lkJTNkQUwhNDQyMiExMCE3MTk0OTUyMDEyMDEwMCE3MTk1MDA0Mjk2MzAwNyUyNmVmX2lkJTNkZmE0MTQzN2EyZDNkMTgxMzViY2YyNjAyMzIxNjNhMTYlM2FHJTNhcw&rlid=fa41437a2d3d18135bcf260232163a16">Security groups and network ACLs are two AWS services that can be used to block network traffic to an instance. Security groups are virtual firewalls that control the inbound and outbound traffic for your instances at the instance level. You can specify which protocols, ports, and source or destination IP addresses are allowed or denied for each instance.Security groups are stateful, which means that they automatically allow return traffic for any allowed inbound or outbound traffic123. Network ACLs are virtual firewalls that control the inbound and outbound traffic for your subnets at the subnet level. You can create rules to allow or deny traffic based on protocols, ports, and source or destination IP addresses.Network ACLs are stateless, which means that you have to explicitly allow return traffic for any allowed inbound or outbound traffic456.
Q4Which of the below allows you to restrict access to individual objects in an S3 bucket?
Show answer
✓ Correct answer: Access Control Lists
Access Control Lists let you control access to individual objects within an S3 bucket, whereas Bucket Policies allow you to control access to entire buckets. In relation to S3, Bucket Control Lists and Access Policies do not exist as configuration items.
Q5A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions.<br/><br/>How can this be achieved?
Show answer
✓ Correct answer: Create a custom IAM policy.
AWS managed policies cannot be edited so if you need to add permissions to users that are not granted in the policy you must create your own custom IAM policy.<br/><br/><strong>CORRECT: </strong>"Create a custom IAM policy" is the correct answer.<br/><br/><strong>INCORRECT:</strong> "Edit the AWS managed policy" is incorrect. You cannot edit AWS managed policies.<br/><br/><strong>INCORRECT:</strong> "Create a Service Control Policy" is incorrect. SCPs are used in AWS Organizations to restrict available permissions. They do not grant permissions.<br/><br/><strong>INCORRECT:</strong> "Create a rule in AWS WAF" is incorrect. WAF is a web application firewall used for protecting resources from web-based attacks.
Q6In AWS, which service assists with governance, compliance, and risk auditing?
Show answer
✓ Correct answer: AWS CloudTrail
AWS CloudTrail is a service that allows you to manage your AWS account's governance, compliance, operational auditing, and risk auditing.<br/><br/>You can track, monitor, and retain account activity associated with actions throughout your AWS infrastructure with CloudTrail. CloudTrail logs all actions made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.<br/><br/>Security analysis, resource change tracking, and troubleshooting are all made easier with this event history.
Full AWS bank + unlimited mocks
Try 30 questions free. Unlock the complete AWS question bank, every explanation, and unlimited timed mock exams. Practice on any device.
Unlock AWS →