Question 1

Which AWS service is primarily used for scalable object storage?

Accepted Answer

Amazon S3

Answer

Amazon RDS

Answer

Amazon EC2

Answer

Amazon EBS

Question 2

What AWS service can be used to deploy and manage applications in a serverless environment?

Accepted Answer

AWS Lambda

Answer

AWS Elastic Beanstalk

Answer

Amazon Lightsail

Answer

Amazon EC2

Question 3

Which AWS service is primarily used for monitoring and logging AWS resources and applications?

Accepted Answer

Amazon CloudWatch

Answer

AWS CloudTrail

Answer

Amazon Inspector

Answer

AWS Config

Question 4

Which Amazon service is best suited for setting up a data warehouse solution?

Accepted Answer

Amazon Redshift

Answer

AWS Glue

Answer

Amazon Aurora

Answer

Amazon DynamoDB

Question 5

Which AWS service allows you to create a virtual private cloud (VPC)?

Accepted Answer

Amazon VPC

Answer

AWS Direct Connect

Answer

AWS Elastic Load Balancing

Answer

Amazon Route 53

Question 6

Which AWS service provides a fully managed NoSQL database service?

Accepted Answer

Amazon DynamoDB

Answer

Amazon Aurora

Answer

AWS Lambda

Answer

Amazon RDS

Question 7

Which service should you use to automate the deployment of applications on Amazon EC2?

Accepted Answer

AWS Elastic Beanstalk

Answer

Amazon CloudFront

Answer

AWS CodeCommit

Answer

Amazon CloudFormation

Question 8

Which AWS service can be used to securely store and manage secrets, such as API keys and database credentials?

Accepted Answer

AWS Secrets Manager

Answer

AWS Identity and Access Management (IAM)

Answer

Amazon S3

Answer

AWS CloudTrail

Question 9

Which AWS service provides a workflow for automating the creation, deployment, and management of cloud infrastructure?

Accepted Answer

AWS CloudFormation

Answer

AWS OpsWorks

Answer

AWS Config

Answer

Amazon EC2

Question 10

Which AWS service can you use to route user traffic to multiple resources for better availability and scalability?

Accepted Answer

AWS Elastic Load Balancing

Answer

Amazon CloudFront

Answer

AWS Auto Scaling

Answer

Amazon Route 53

Question 11

In AWS, which service is used to manage IAM users, groups, and roles?

Accepted Answer

AWS Identity and Access Management (IAM)

Answer

AWS Management Console

Answer

Amazon EC2

Answer

AWS CloudFormation

Question 12

What is the maximum number of IAM users you can create in an AWS account?

Accepted Answer

5000

Answer

2000

Answer

1000

Answer

7500

Question 13

Which feature of AWS IAM allows you to temporarily assume permissions in another AWS account?

Accepted Answer

Cross-account roles

Answer

Federated identities

Answer

Service roles

Answer

IAM User groups

Question 14

In AWS IAM, what is the primary benefit of using multi-factor authentication (MFA)?

Accepted Answer

Increases security by requiring two forms of verification

Answer

Reduces the number of IAM users needed

Answer

Simplifies password management

Answer

Allows users to access resources without credentials

Question 15

What is a best practice for managing IAM user access in AWS?

Accepted Answer

Use groups to assign permissions to users

Answer

Use the root account for daily tasks

Answer

Create multiple accounts for each user

Answer

Assign permissions directly to each IAM user

Question 16

Which AWS service is primarily used for identity federation and managing users across multiple AWS accounts?

Accepted Answer

AWS Single Sign-On (SSO)

Answer

AWS Directory Service

Answer

Amazon Cognito

Answer

AWS Identity and Access Management (IAM)

Question 17

What is a key benefit of using SAML 2.0 for identity federation in AWS?

Accepted Answer

It allows users to authenticate once and gain access to multiple applications.

Answer

It manages AWS resources directly.

Answer

It encrypts all user data at rest.

Answer

It provides automatic failover for applications.

Question 18

Which AWS service can be integrated with Active Directory for seamless user authentication?

Accepted Answer

AWS Directory Service

Answer

AWS Lambda

Answer

Amazon S3

Answer

AWS CloudFormation

Question 19

What is the purpose of AWS Identity and Access Management (IAM) roles in the context of federation?

Accepted Answer

IAM roles allow temporary access for users or services from external identities.

Answer

IAM roles are used to create user passwords.

Answer

IAM roles permanently assign permissions to an account.

Answer

IAM roles restrict access only to AWS services.

Question 20

Which of the following is a prerequisite for configuring identity federation in AWS using an external identity provider?

Accepted Answer

Establish a trust relationship between AWS and the identity provider.

Answer

Use only AWS accounts for access management.

Answer

Create IAM users for every external user.

Answer

Disable all IAM roles in your account.

Question 21

What is the primary use case of AWS Cognito in identity federation?

Accepted Answer

To provide user authentication and synchronization for mobile and web applications.

Answer

To manage serverless compute resources.

Answer

To store large amounts of unstructured data.

Answer

To create and deploy machine learning models.

Question 22

In AWS, what does the term 'Identity Provider' (IdP) refer to in the context of federation?

Accepted Answer

A system that provides user authentication and identity information.

Answer

A system for managing AWS resources.

Answer

A type of IAM policy.

Answer

A service for deploying applications.

Question 23

Which protocol does AWS use to support identity federation with third-party providers?

Accepted Answer

Security Assertion Markup Language (SAML)

Answer

OAuth 2.0

Answer

WS-Federation

Answer

OpenID Connect

Question 24

What feature does AWS IAM provide to enhance security for federated identities?

Accepted Answer

Multi-Factor Authentication (MFA)

Answer

Identity provisioning workflows

Answer

Static IP whitelisting

Answer

Data encryption at rest

Question 25

Which AWS service allows developers to easily integrate social identity providers like Facebook and Google for user sign-up and sign-in?

Accepted Answer

Amazon Cognito

Answer

AWS Single Sign-On

Answer

AWS Directory Service

Answer

AWS IAM

Question 26

What AWS API call is used to obtain temporary security credentials when federating without SAML using a custom identity provider?

Accepted Answer

GetFederationToken

Answer

GetCallerIdentity

Answer

GetSessionToken

Answer

AssumeRole

Question 27

Which credential type does the GetFederationToken API call provide for AWS SDK clients when federating with a custom IdP?

Accepted Answer

Temporary security credentials

Answer

Root account credentials

Answer

Permanent access keys

Answer

IAM user credentials

Question 28

When using GetFederationToken, what is one key part of the response that clients need to include in their requests to AWS services?

Accepted Answer

Session token

Answer

Canonical user ID

Answer

MFA code

Answer

User ID

Question 29

What is a primary benefit of using GetFederationToken with a custom identity provider in AWS?

Accepted Answer

Centralized authentication without managing AWS credentials

Answer

Simplified billing processes

Answer

Increased data storage capacity

Answer

Faster API response times

Question 30

Which of the following is a requirement for the custom identity provider when using GetFederationToken in AWS?

Accepted Answer

Must support API calls to AWS

Answer

Must be located in the same region as AWS

Answer

Must be an AWS service

Answer

Must use SAML authentication

Question 31

What is the maximum duration for which the temporary credentials issued by GetFederationToken can be valid?

Accepted Answer

36 hours

Answer

12 hours

Answer

48 hours

Answer

24 hours

Question 32

What AWS service can be used in conjunction with GetFederationToken to provide multi-factor authentication for users of a custom identity provider?

Accepted Answer

AWS Security Token Service (STS)

Answer

AWS Organizations

Answer

Amazon Cognito

Answer

AWS Identity and Access Management (IAM)

Question 33

What IAM policy element is used to specify permissions for resources when using temporary credentials obtained through GetFederationToken?

Accepted Answer

Policy Document

Answer

Trust Relationship

Answer

Role Session Name

Answer

Session Policy

Question 34

In the context of GetFederationToken, what is the significance of the 'ProviderArn' parameter?

Accepted Answer

It specifies the Amazon Resource Name of the custom identity provider

Answer

It indicates the user group

Answer

It sets the session duration

Answer

It determines the permissions granted

Question 35

What is one of the limitations of using GetFederationToken with a custom identity provider?

Accepted Answer

Cannot use multi-factor authentication directly

Answer

Limited to AWS Services only

Answer

Can only issue credentials for 1 hour

Answer

Requires a direct SAML integration

Question 36

What solution best meets the requirements for a multinational organization using on-premises Microsoft Active Directory that needs to enable AWS access via corporate credentials?

Accepted Answer

Use AWS IAM Identity Center with an external SAML 2.0 identity provider

Answer

Use AWS Cognito User Pools with AD synchronization

Answer

Create IAM users in each account and enable MFA

Answer

Use AWS STS AssumeRole with IAM users

Question 37

Enterprise AD Federation (High Confidence Exam Topic)

Scenario:

A multinational organization uses an on-premises Microsoft Active Directory. Employees must access multiple AWS accounts using their corporate credentials. The security team requires:

No long-term IAM access keys

Centralized user lifecycle management

Session duration limited to 1 hour

Ability to enforce MFA from the corporate identity provider

Which solution best meets these requirements?

Accepted Answer

B. Use AWS IAM Identity Center with an external SAML 2.0 identity provider

Answer

A. Create IAM users in each account and enable MFA

Answer

C. Use AWS STS AssumeRole with IAM users

Answer

D. Use AWS Cognito User Pools with AD synchronization

Question 38

Scenario:

A security team needs emergency administrative access to all AWS accounts during incident response. Access must:

Be time-bound

Require approval

Leave an audit trail

Avoid creating permanent IAM users

What is the MOST secure solution?

Accepted Answer

C. Use IAM roles with STS AssumeRole and AWS CloudTrail logging

Answer

D. Enable cross-account trust using long-lived access keys

Answer

A. Store root credentials in AWS Secrets Manager

Answer

B. Create a shared IAM admin user and rotate keys

Related quizzes

Related quizzes