AWS Security Awareness Training Quiz

1.

Maintaining an inventory of network devices is a best practice for security.

A.

True
B.

False

Correct Answer
A. True

Explanation
Maintaining an inventory of network devices is considered a best practice for security because it allows organizations to have a comprehensive understanding of their network infrastructure. By keeping track of all network devices, including routers, switches, and firewalls, organizations can easily identify any unauthorized or rogue devices that may pose a security risk. Additionally, having an inventory helps with managing software updates, patches, and vulnerabilities, ensuring that all devices are up to date and secure. This practice also aids in incident response and troubleshooting, as organizations can quickly locate and address any issues with specific network devices.

Rate this question:

2.

Amazing Web Services periodically scans for _______ devices on the network.

Correct Answer
rogue

Explanation
"Amazing Web Services periodically scans for rogue devices on the network" means that the web services regularly search for unauthorized or malicious devices that may have connected to the network without permission. These devices are commonly referred to as "rogue" devices because they are not part of the authorized network infrastructure. By scanning for these rogue devices, the web services can identify and address any potential security threats or vulnerabilities.

Rate this question:

4

3.

Amazing Web Services only installs one firewall in one location.

A.

True
B.

False

Correct Answer
B. False

Explanation
The given statement is false because Amazing Web Services installs multiple firewalls in multiple locations. This ensures that their clients' systems are well-protected from potential threats and attacks. By having multiple firewalls in different locations, they can create a layered defense system that enhances security and reduces the risk of unauthorized access or breaches.

Rate this question:

4.

AWS uses ingress and _______ filtering to control data coming into and going out of the network.

Correct Answer
egress

Explanation
AWS uses ingress and egress filtering to control data coming into and going out of the network. Ingress filtering refers to the process of filtering incoming data packets to ensure that they meet certain criteria or security policies before allowing them into the network. On the other hand, egress filtering involves filtering outgoing data packets to prevent unauthorized or malicious traffic from leaving the network. These filtering mechanisms help enhance network security by allowing only authorized and safe traffic to enter or leave the network.

Rate this question:

4

5.

______ are used to monitor web browsing and file transfers for users to limit dangerous or inappropriate network activities.

Correct Answer
Proxy, Proxies

Explanation
Proxies are used to monitor web browsing and file transfers for users to limit dangerous or inappropriate network activities. Proxies act as intermediaries between users and the internet, allowing them to access websites and transfer files while also providing a layer of control and security. By monitoring the traffic passing through the proxy server, administrators can enforce restrictions, filter out malicious content, and prevent unauthorized access to certain websites or files. This helps to ensure a safer and more controlled browsing experience for users within a network.

Rate this question:

4

6.

IDS stands for:

A.

Intrusion Delay System
B.

Incident Discovery System
C.

Information Destruction System
D.

Intrusion detection system

Correct Answer
D. Intrusion detection system

Explanation
IDS stands for Intrusion Detection System. This system is designed to monitor network traffic and detect any unauthorized or suspicious activities that may indicate a security breach or intrusion. It helps in identifying potential threats and taking appropriate actions to prevent them. Therefore, the correct answer is Intrusion Detection System.

Rate this question:

7.

IDS signatures never need to be update.

A.

True
B.

False

Correct Answer
B. False

Explanation
The statement "IDS signatures never need to be updated" is false. IDS (Intrusion Detection System) signatures are used to identify and detect specific patterns or behaviors associated with known attacks or vulnerabilities. As new threats emerge, it is necessary to update the signatures to ensure that the IDS can effectively detect and respond to the latest attacks. Regular updates are essential to keep the IDS up-to-date and capable of detecting new and evolving threats. Therefore, the correct answer is false.

Rate this question:

8.

Telnet may be used on AWS for connecting to remote systems.

A.

True
B.

False

Correct Answer
B. False

Explanation
Telnet is not recommended for use on AWS for connecting to remote systems. AWS recommends using Secure Shell (SSH) for secure remote login and command execution. Telnet is an unencrypted protocol, which means that any data sent over the network can be intercepted and read by attackers. SSH, on the other hand, provides encryption and secure authentication, making it a safer option for remote connections on AWS. Therefore, the correct answer is False.

Rate this question:

9.

Which of the following network protocols should be restricted:

A.

Telnet / rlogin / rsh
B.

Ftp / anonymous ftp / tftp
C.

P2P
D.

IRC and instant messaging
E.

All of the above

Correct Answer
E. All of the above

Explanation
All of the above network protocols should be restricted because they pose security risks. Telnet, rlogin, and rsh are insecure protocols that transmit data in clear text, making it easy for attackers to intercept sensitive information. FTP and anonymous FTP allow unauthorized access to files and can be exploited by attackers. TFTP is also insecure and lacks authentication mechanisms. P2P (peer-to-peer) networks can facilitate the unauthorized sharing of copyrighted material and can expose users to malware. IRC and instant messaging can be used for malicious activities and can also expose users to phishing attempts and malware.

Rate this question:

10.

Only WPA2 is acceptable for encrypting wireless connections.

A.

True
B.

False

Correct Answer
A. True

Explanation
WPA2 is the most secure and widely used encryption protocol for wireless connections. It provides strong encryption and authentication, making it difficult for hackers to intercept or crack the wireless traffic. Other encryption protocols like WEP and WPA have been proven to be vulnerable to various attacks. Therefore, it is recommended to use WPA2 to ensure the confidentiality and integrity of wireless communications.

Rate this question:

11.

Periodic _____ scans for wireless devices will be conducted by the security group.

Correct Answer
spectrum

Explanation
The security group will conduct periodic scans for wireless devices in the spectrum. This means that they will be checking for any wireless devices operating within a specific range of frequencies. By conducting these scans, the security group can identify any unauthorized or potentially malicious wireless devices that may pose a threat to the network.

Rate this question:

4

12.

Remote access connections to AWS must be ________ and secured.

Correct Answer
approved, approve

Explanation
Remote access connections to AWS must be approved and secured. This means that before any remote access connection is established, it must go through an approval process to ensure that it meets the necessary requirements and is authorized. Additionally, these connections must be secured to protect sensitive data and prevent unauthorized access. Security measures such as encryption, authentication, and access controls should be implemented to ensure the confidentiality, integrity, and availability of the remote access connections.

Rate this question:

4

13.

Which of the following are reasons to NOT notify law enforcement in the event of a data breach:

A.

Control of the information, information systems, facilities, and flow of information
B.

Publicity
C.

Risk of continued hacking or malware activities
D.

Risk of equipment seizure and/or interruption to business during an investigation
E.

Legal protections that apply to alleged perpetrator regarding unreasonable search (e.g., if a Company employee should become “an agent acting on behalf of law enforcement”).
F.

All of the above

Correct Answer
F. All of the above

Explanation
All of the reasons listed in the options are valid reasons to NOT notify law enforcement in the event of a data breach. Control of the information, information systems, facilities, and flow of information is a concern because involving law enforcement may result in loss of control over the investigation and potential dissemination of sensitive information. Publicity is a concern because notifying law enforcement may attract unwanted attention and damage the reputation of the company. The risk of continued hacking or malware activities is a valid concern as involving law enforcement may alert the perpetrators and lead to further attacks. The risk of equipment seizure and interruption to business during an investigation is a valid concern as it may disrupt normal operations. Legal protections that apply to the alleged perpetrator regarding unreasonable search is also a valid concern as it may lead to legal complications.

Rate this question:

14.

Which of the following must be included in the network diagram for AWS network assets:

A.

Major network zones and primary services
B.

Workstations
C.

Wireless network connection points
D.

Remote network connection points
E.

A, C, and D
F.

B, C, and D
G.

A, B, and C

Correct Answer
E. A, C, and D

Explanation
The network diagram for AWS network assets must include major network zones and primary services, wireless network connection points, and remote network connection points. This is because these elements are essential for understanding the overall network architecture and connectivity within the AWS environment. Workstations, on the other hand, are not typically included in network diagrams as they are end-user devices and do not directly affect the network infrastructure.

Rate this question:

15.

Which domain did this training cover:

A.

Workstations and Users
B.

Remote Access
C.

Networks: LAN, LAN-to-WAN, and WAN
D.

Systems/Applications

Correct Answer
C. Networks: LAN, LAN-to-WAN, and WAN

Explanation
The training covered the domain of networks, specifically LAN, LAN-to-WAN, and WAN. This means that the training focused on teaching about the different types of networks and how they are connected, including local area networks (LAN), LAN-to-wide area network (WAN) connections, and wide area networks (WAN). The training likely included topics such as network protocols, network architecture, network security, and troubleshooting network issues.

Rate this question: