Enhance your understanding of AWS security best practices with this concise quiz designed for beginners. Discover key principles, common threats, and practical techniques for securing cloud environments using widely recommended approaches.
Which setting is recommended to strengthen authentication by requiring users to change their passwords on a regular basis?
Explanation: Enabling password rotation requires users to change their passwords on a regular schedule, which limits how long a compromised password remains useful. Using only numbers in passwords weakens them, while not setting password expiration leaves accounts vulnerable over time. Allowing short, simple passwords creates security risks by making them easier to guess.
What does the principle of least privilege recommend when assigning permissions in a cloud environment?
Explanation: Granting only the minimum permissions needed helps prevent unauthorized access and limits potential damage from compromised accounts. Granting administrator access to all users or giving everyone the same rights are overly broad and risky. Granting access based on job titles alone may not accurately reflect necessary permissions.
How does multi-factor authentication (MFA) improve account security for cloud services?
Explanation: MFA adds an additional layer of security by requiring something users know (like a password) and something they have (like a one-time code generated by a device they possess). Automatic logouts help but are not as strong as MFA, allowing unlimited login attempts increases risk, and PIN codes alone do not provide sufficient security.
Why is it important to use encryption for data transmitted between services in a cloud environment?
Explanation: Encryption for data in transit ensures that if the data is intercepted, it cannot be easily read or modified. It does not make data load faster or reduce storage costs, and unencrypted data is not necessarily corrupted, but it is more vulnerable to eavesdropping and tampering.
What is the primary function of a security group in managing virtual servers in a cloud environment?
Explanation: Security groups act as virtual firewalls, controlling which traffic is allowed to and from servers. They do not manage passwords, perform backups, or apply software patches; those tasks require different security or administrative tools.
Which backup strategy helps ensure that data can be recovered after accidental deletion or ransomware?
Explanation: Regular automated backups provide consistent, up-to-date data copies for recovery if data is lost or damaged. Deleting old backups reduces options for recovery, and storing all data in one location creates a single point of failure. Backing up only once means recent changes could be lost.
In the cloud shared responsibility model, what is the customer's responsibility regarding user permissions?
Explanation: Customers must manage user access, ensuring only authorized individuals have appropriate permissions. Physical security, hardware repairs, and power supply are typically the responsibility of the cloud provider, not the customer.
Why is it important to enable logging and monitoring for cloud-based resources?
Explanation: Logging and monitoring help quickly identify suspicious activity and respond to potential threats. They do not affect billing or screen brightness, and they do not update systems automatically; instead, they provide essential visibility into system behavior.
What is a recommended practice for managing access keys used by applications?
Explanation: Regularly rotating access keys and deleting unused ones reduces the risk if a key is exposed. Sharing keys by email is insecure, storing them in code can lead to accidental exposure, and using the same key for all applications increases potential damage from a single compromised key.
Which security setting is most important when storing sensitive files in a cloud storage bucket?
Explanation: Blocking public access ensures only authorized users can view or modify sensitive files. Enabling public permissions exposes data to unauthorized users, setting low quotas does not prevent data breaches, and naming files generically does not protect against unauthorized access.