Coursera Answers

AWS Fundamentals: Addressing Security Risk Week 1 Quiz Answer

AWS Fundamentals Addressing Security Risk Week 1 Quiz Answer


AWS Fundamentals: Addressing Security Risk Week 1 Quiz Answer



Week 1 —- Quiz 1 Answer


Question 1)

What security mechanism can add an extra layer of protection to your AWS account in addition to a username-password combination?

  • I​ris Scan Service or ISS
  • S​cure Bee Service or SBS
  • T​ransport Layer Protocol or TCP
  • M​ult-factor Authentication or MFA



Question 2)

If a user wanted to read from a DynamoDB table what policy would you attach to their user profile?


  • AmazonDynamoDBFullAccess
  • AWSLambdaDynamoDBExecutionRole
  • AWSLambdaInvocation-DynamoDB
  • AmazonDynamoDBReadOnlyAccess



Question 3)

What are valid MFA or Multi-factor Authentication options available to use on AWS? Select all that apply.

  • yubiKey
  • Gemalto token
  • Blizzard Authenticator
  • Google Authenticator
  • AWS IoT button



Question 4)

What format is an Identity and Access Management policy document in?

  • J​SON
  • X​ML
  • H​TML
  • C​SV



Question 5)

Which are valid options for interacting with your AWS account? Select all that apply.

  • Software Development Kit
  • Command Line Interface
  • Application Programming Interface
  • AWS Console




Week 1 —- Quiz 2 Answer


Week 1 Quiz 2: AWS Fundamentals: Addressing Security Risk



Question 1)

Which solution below grants AWS Management Console access to a DevOps engineer?


  • Create a user for the security engineer in AWS Cognito User Pool
  • Enable Single sign-on on AWS accounts by using federation and AWS IAM
  • Create IAM user for the engineer and associate relevant IAM managed policies to this IAM user  
  • Use AWS Organization to scope down IAM roles and grant the security engineer access to this IAM roles 



Question 2)

Which of these IAM policies cannot be updated by you?


  • inline policy
  • group policy
  • managed policy
  • customer managed policy



Question 3)

Which of these services can establish a trusted relationship between your corporate Active Directory and AWS?


  • AWS SSO
  • I​AM
  • Amazon Cognito
  • A​D Connector



Question 4)

What is the main difference between Cognito User Pool and Cognito Identity Pool?


  • Only User Pools has feature to enable MFA
  • Identity Pools provide temporary AWS credentials
  • User Pools support both authenticated and unauthenticated identities
  • User Pool cannot use public identity providers (e.g Facebook, Amazon, …) while Identity Pool can



Question 5)

How do you audit IAM user’s access to your AWS accounts and resources?


  • Using CloudWatch event to notify you when an IAM user sign in
  • Using AWS Config to notify you when IAM resources are changed
  • Using CloudTrail to look at the API call and timestamp
  • Use Trusted Advisor to show a list of sign in events from all users