You have a request ? Contact Us Join Us
Home
AWS
Cloud

Addressing Security Risk | Coursera Quiz Answers

Answer of Coursera AWS Fundamentals Specialization
Estimated read time: 12 min
Coursera: Addressing Security Risk Answers
Addressing Security Risk | Coursera
Enroll Course

Week 1 - Quiz 1

1. What security mechanism can add an extra layer of protection to your AWS account in addition to a username password combination?
  • T​ransport Layer Protocol or TCP
  • M​ulti-factor Authentication or MFA
  • I​ris Scan Service or ISS
  • S​cure Bee Service or SBS
2. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?
  • AmazonDynamoDBFullAccess
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess
  • AWSLambdaDynamoDBExecutionRole
3. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all  that apply.
  • Blizzard Authenticator
  • AWS IoT button
  • Gemalto token
  • YubiKey
  • Google Authenticator
4. What format is an Identity and Access Management policy document in?
  • X​ML
  • H​TML
  • C​SV
  • J​SON
5. Which are valid options for interacting with your AWS account? Select all that apply.
  • Command Line Interface
  • Software Development Kit
  • Application Programming Interface
  • AWS Console

Week 1 - Quiz 2

1. Which solution below grants AWS Management Console access to an DevOps engineer?
  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create a user for the security engineer in AWS Cognito User Pool
  • Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles
2. Which of these IAM policies cannot be updated by you?
  • managed policy
  • customer managed policy
  • inline policy
  • group policy
3. Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?
  • Amazon Cognito
  • AWS SSO
  • I​AM
  • A​D Connector
4. What is the main difference between Cognito User Pool and Cognito Identity Pool?
  • User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can
  • Identity Pools provide temporary AWS credentials
  • Only User Pools has feature to enable MFA
  • User Pools support both authenticated and unauthenticated identities
5. How do you audit IAM user’s access to your AWS accounts and resources?
  • Using CloudTrail to look at the API call and timestamp
  • Using CloudWatch event to notify you when an IAM user sign in
  • Using AWS Config to notify you when IAM resources are changed
  • Use Trusted Advisor to show a list of sign in events from all users

Week 2 - Quiz 1

1. Which statement is true?
  • You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
  • By default, each instance that you launch into a nondefault subnet has a public IPv4 address
  • To use AWS Private Link, the VPC is required to have a NAT device
  • Traffics within an Availability Zone, or between Availability Zones in all Regions, are routed over the AWS private global network
2. W​hat is a Security Group?
  • Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level
  • Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level
  • Control who in your organization has permission to create and manage VPC flow logs
  • Capture information about the IP traffic going to and from network interfaces in your VPC
3. How many types of VPC Endpoints are available?
  • Many. Each AWS Service will be supported by 1 type of VPC Endpoints
  • Two: Amazon S3 and DynamoDB
  • Two: Gateway Endpoint and Interface Endpoint
  • One: VPC
4. Which of these AWS resources cannot be monitored using VPC Flow logs?
  • V​PC
  • A​ subnet in a VPC
  • A network interface attached to EC2
  • An Internet Gateway attached to VPC
5. You can route traffic to a NAT Gateway through:
  • Site-to-Site VPN connection
  • AWS Direct Connect
  • VPC Peering
  • None of the above

Week 2 - Quiz 2

1. What AWS Services keeps a record of who is interacting with your AWS Account?
  • Amazon ServiceLog
  • Amazon Auditor
  • AWS AccountMonitor
  • AWS CloudTrail
2. Which of the following are monitoring and logging services available on AWS? Select all that apply.
  • AWS CloudLogger
  • Amazon Beehive
  • AWS CloudWatch
  • Amazon Config
3. Which of the following sections from Trusted Advisor exists under the AWS Services as a pillar as well?
  • Cost Transparency
  • Operational Excellence
  • Security
  • Fault Tolerance
4. If you wanted to accomplish threat detection in your AWS Infrastructure, which of the following services would you use?
  • AWS GuardDuty
  • Amazon ThreatDetector
  • Amazon S3
  • AWS DynamoDB
5. Which AWS Service has an optional agent that can be deployed to EC2 instances to perform a security assessment?
  • AWS Assessor
  • Amazon Inspector
  • AWS EC2Deploy
  • Amazon Agent

Week 3 - Quiz 1

1. What requirement must you adhere to in order to deploy an AWS CloudHSM?
  • Run the HSM in two regions
  • Provision the HSM in a VPC
  • Deploy an EBS volume for the HSM
  • Call AWS Support first to enable it
2. What AWS KMS keys are used to encrypt and decrypt data in AWS?
  • Customer master keys
  • AWS master keys
  • Seller recrypt keys
  • User recrypt keys
3. How much data can you encrypt/decrypt using an Customer Master Key?
  • Up to 4MB
  • Up to 4TB
  • Up to 1MB
  • Up to 4KB

Week 3 - Quiz 2

1. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):
  • unauthenticated server and client communication
  • eavesdropping
  • unauthorized alterations
  • unauthorized copying
2. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?
  • HTTPS
  • T​LS
  • X.509
  • IPSec
3. How do you encrypt an existing un-encrypted EBS volume?
  • EBS volumes are encrypted at rest by default
  • Enable Encryption by Default feature
  • Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
  • Enable encryption for EC2 instance, which will encrypt the attached EBS volumes
4. Can you encrypt just a subset of items in a DynamoDB table?
  • ​Yes
  • N​o
5. When you enable encryption for RDS DB instance, what would not be encrypted?
  • JBDC connection
  • Transaction logs
  • Automated backups
  • Read Replicas
  • Snapshots
6. Which of the following is a valid storage service on AWS?
  • AWS Lambda
  • Amazon Relational Database Service
  • Amazon Honey Service
  • AWS Virtual Private Cloud
  • Amazon Complicated Storage Service

Week 4 Quiz

1. W​hich of the following are valid Pillars of the Well-Architected Framework? Choose two.
  • Infrastructure
  • Redundancy
  • Speed
  • Security
  • Cost Optimization
2. W​hat language does Amazon Athena support?
  • ​SQL
  • J​ava
  • C​++
  • dogescript
3. What is the name of the model that shows how security is handled by AWS and it’s customers in the AWS Cloud?
  • Cloud Security Model
  • Role Based Model
  • Shared Responsibility Model
  • AWS Authentication Model
4. What AWS Service is best suited for storing objects?
  • Amazon Simple Storage Service
  • Amazon Elastic Beanstalk
  • Amazon DynamoDB
  • Amazon Object Store
5. What AWS service can be used to manage multiple AWS Accounts for consolidated billing?
  • AWS Multiple-man
  • AWS Account Manager
  • AWS Billing
  • AWS Organizations
6. Which AWS Service supports threat detection by continuously monitoring for malicious or unauthorized behavior?
  • Amazon IDP
  • Amazon Knight
  • Amazon Monitor
  • Amazon GuardDuty
7. What is a customer access endpoint?
  • A customer token
  • A signed code segment
  • A URL entry point for a web service
  • A websocket for customer connections

End of Course Assessment

1. Which statement is true?
  • You can only attach 1 elastic network interface (ENI) to each EC2 instance launched in VPC
  • By default, each instance that you launch into a nondefault subnet has a public IPv4 address
  • To use AWS Private Link, the VPC is required to have a NAT device
  • Traffics within an Availability Zone, or between Availability Zones in all Regions, are routed over the AWS private global network
2. How many types of VPC Endpoints are available?
  • Many. Each AWS Service will be supported by 1 type of VPC Endpoints
  • Two: Amazon S3 and DynamoDB
  • Two: Gateway Endpoint and Interface Endpoint
  • One: VPC
3. Which of these AWS resources cannot be monitored using VPC Flow logs?
  • VPC
  • A subnet in a VPC
  • A network interface attached to EC2
  • An Internet Gateway attached to VPC
4. Which of the following are monitoring and logging services available on AWS? Select all that apply.
  • AWS CloudLogger
  • Amazon Beehive
  • AWS CloudWatch
  • Amazon Config
5. Which of the following sections from Trusted Advisor exists under the Well-Architected Framework as a pillar as well?
  • Cost Transparency
  • Operational Excellence
  • Security
  • Fault Tolerance
6. Which solution below grants AWS Management Console access to an DevOps engineer?
  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create a user for the security engineer in AWS Cognito User Pool
  • Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles
7. Which of these services doesn’t authenticate users to access AWS resources using existing credentials on their current corporate identity?
  • Amazon Cognito
  • AWS SSO
  • IAM
  • AD Connector
8. What is the main difference between Cognito User Pool and Cognito Identity Pool?
  • User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can
  • Identity Pools provide temporary AWS credentials
  • Only User Pools has feature to enable MFA
  • User Pools support both authenticated and unauthenticated identities
9. What security mechanism can add an extra layer of protection to your AWS account in addition to a username password combination?
  • Transport Layer Protocol or TCP
  • Mult-factor Authentication or MFA
  • Iris Scan Service or ISS
  • Scure Bee Service or SBS
10. If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?
  • AmazonDynamoDBFullAccess
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess
  • AWSLambdaDynamoDBExecutionRole
11. What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.
  • Blizzard Authenticator
  • AWS IoT button
  • Gemalto token
  • YubiKey
  • Google Authenticator
12. What requirement must you adhere to in order to deploy an AWS CloudHSM?
  • Run the HSM in two regions
  • Provision the HSM in a VPC
  • Deploy an EBS volume for the HSM
  • Call AWS Support first to enable it
13. How much data can you encrypt/decrypt using an Customer Master Key?
  • Up to 4MB
  • Up to 4TB
  • Up to 1MB
  • Up to 4KB
14. The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):
  • unauthenticated server and client communication
  • eavesdropping
  • unauthorized alterations
  • unauthorized copying
15. Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?
  • HTTPS
  • TLS
  • X.509
  • IPSec
16. How do you encrypt an existing un-encrypted EBS volume?
  • EBS volumes are encrypted at rest by default
  • Enable Encryption by Default feature
  • Take a snapshot for EBS volume, and create new encrypted volume for this snapshot
  • Enable encryption for EC2 instance, which will encrypt the attached EBS volumes
17. When you enable encryption for RDS DB instance, what would not be encrypted?
  • JBDC connection
  • Transaction logs
  • Automated backups
  • Read Replicas
  • Snapshots
18. What language does Amazon Athena support?
  • SQL
  • Java
  • C++
  • Dogescript
19. What is the name of the model that shows how security is handled by AWS and it’s customers in the AWS Cloud?
  • Cloud Security Model
  • Role Based Model
  • Shared Responsibility Model
  • AWS Authentication Model
20. What is a customer access endpoint?
  • A customer token
  • A signed code segment
  • A URL entry point for a web service
  • A websocket for customer connections
Related Articles
#AWS #Cloud #Coursera

Post a Comment

© 2025 TeamsCloud ‧ All rights reserved. Developed by Teams
Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.