MCQs on AWS Fargate Networking and Security | AWS Fargate MCQ Questions

Enhance your knowledge of AWS Fargate with these AWS Fargate MCQ questions and answers focusing on critical topics like networking basics and VPC integration, IAM roles and policies, and security best practices. These questions are designed for professionals and learners to solidify their understanding of container-based deployments using AWS Fargate.


Chapter 3: AWS Fargate Networking and Security


1–10: Networking Basics and VPC Integration

  1. Which networking mode does AWS Fargate use for ECS tasks?
    a) Bridge mode
    b) Host mode
    c) awsvpc mode
    d) None of the above
  2. What is required to enable internet access for Fargate tasks in a VPC?
    a) Security Group
    b) Elastic Load Balancer
    c) NAT Gateway or Internet Gateway
    d) S3 Bucket
  3. In Fargate, what is the role of a VPC?
    a) Encrypting data at rest
    b) Providing a virtual network for task communication
    c) Managing logs and metrics
    d) Scaling containers automatically
  4. Which IP addressing type is supported by Fargate?
    a) IPv4 only
    b) IPv6 only
    c) Both IPv4 and IPv6
    d) None of the above
  5. How are Fargate tasks connected to a specific subnet in a VPC?
    a) Through a service-linked role
    b) By specifying the subnet in the task definition
    c) By assigning a public IP automatically
    d) Using a dedicated VPC Peering connection
  6. Which AWS service can be used to create a VPC for Fargate tasks?
    a) Amazon RDS
    b) AWS CloudFormation
    c) Amazon S3
    d) AWS Glue
  7. What is the role of a Security Group in AWS Fargate?
    a) Encrypting EBS volumes
    b) Restricting and allowing traffic to tasks
    c) Deploying services across regions
    d) Monitoring resource usage
  8. Which of the following is true about Fargate networking?
    a) It does not support private IP addresses
    b) Tasks can only communicate through public IPs
    c) Tasks within the same VPC can communicate privately
    d) Fargate requires a VPN connection
  9. How does Fargate ensure high availability for networking?
    a) By automatically replicating tasks across multiple VPCs
    b) By using multiple Availability Zones within a VPC
    c) By assigning a unique public IP to each task
    d) By integrating with CloudFront
  10. What type of endpoints can be used to connect Fargate tasks securely to AWS services?
    a) NAT Gateways
    b) VPC Endpoints
    c) Lambda Functions
    d) Elastic IPs

11–18: IAM Roles and Policies for Fargate

  11. What is the purpose of IAM roles in AWS Fargate?
    a) Managing VPC connections
    b) Granting permissions to tasks for accessing AWS resources
    c) Encrypting task definitions
    d) Scaling tasks automatically
  12. Which policy is needed for a Fargate task to write logs to CloudWatch?
    a) AmazonS3FullAccess
    b) AWSLambdaExecute
    c) CloudWatchLogsFullAccess
    d) AWSGlueServiceRole
  13. How is an IAM role assigned to an AWS Fargate task?
    a) Directly through the IAM console
    b) By attaching it to the ECS cluster
    c) Specifying it in the task definition
    d) Using EC2 instance metadata
  14. What type of credentials does Fargate use for IAM role authentication?
    a) API keys
    b) Long-term credentials
    c) Temporary credentials
    d) Access tokens
  15. Which AWS feature ensures that tasks only get the permissions they need?
    a) Resource-based policies
    b) IAM conditions
    c) Principle of Least Privilege
    d) Key Management Service
  16. What is required to allow Fargate tasks to retrieve secrets from AWS Secrets Manager?
    a) Attach the SecretsManagerReadWrite policy to the IAM role
    b) Assign the tasks to a public subnet
    c) Use an S3 bucket for secret storage
    d) Enable CloudWatch monitoring
  17. What IAM policy is required for Fargate tasks to access DynamoDB?
    a) AmazonEC2FullAccess
    b) AmazonDynamoDBReadOnlyAccess
    c) AmazonS3FullAccess
    d) AWSCodeCommitPowerUser
  18. What happens if a Fargate task does not have an associated IAM role?
    a) The task will fail to launch
    b) The task can only access public AWS resources
    c) The task will automatically inherit cluster permissions
    d) The task will use the default EC2 IAM role

19–25: Security Best Practices

  19. Which AWS service helps monitor Fargate tasks for unauthorized activity?
    a) AWS Config
    b) Amazon Inspector
    c) AWS Trusted Advisor
    d) CloudTrail
  20. How can Fargate tasks be protected against DDoS attacks?
    a) Use AWS Shield
    b) Enable IAM policies
    c) Configure Secrets Manager
    d) Use CloudFormation templates
  21. What is a recommended best practice for storing sensitive data used by Fargate tasks?
    a) Store it in the task definition
    b) Use environment variables
    c) Store it in AWS Secrets Manager or Parameter Store
    d) Save it in plain text on S3
  22. How does AWS Fargate provide task isolation?
    a) By running each task on a dedicated EC2 instance
    b) By using Kubernetes pods
    c) By using microVM technology
    d) By encrypting the container image
  23. What is the recommended way to monitor security incidents in Fargate?
    a) Use AWS CloudTrail and Amazon GuardDuty
    b) Enable EC2 instance logs
    c) Configure CloudFormation templates
    d) Use AWS Glue jobs
  24. Which of the following ensures encrypted communication for Fargate tasks?
    a) Using HTTPS endpoints
    b) Disabling public IPs
    c) Configuring task definitions with security groups
    d) Enabling Amazon S3 versioning
  25. What is the purpose of a runtime security agent in Fargate?
    a) Monitoring logs for anomalies
    b) Securing IAM role policies
    c) Protecting tasks from malicious activity
    d) Managing deployment pipelines

Answer Key

Qno. Answer (Option with Text)

  1. c) awsvpc mode
  2. c) NAT Gateway or Internet Gateway
  3. b) Providing a virtual network for task communication
  4. c) Both IPv4 and IPv6
  5. b) By specifying the subnet in the task definition
  6. b) AWS CloudFormation
  7. b) Restricting and allowing traffic to tasks
  8. c) Tasks within the same VPC can communicate privately
  9. b) By using multiple Availability Zones within a VPC
  10. b) VPC Endpoints
  11. b) Granting permissions to tasks for accessing AWS resources
  12. c) CloudWatchLogsFullAccess
  13. c) Specifying it in the task definition
  14. c) Temporary credentials
  15. c) Principle of Least Privilege
  16. a) Attach the SecretsManagerReadWrite policy to the IAM role
  17. b) AmazonDynamoDBReadOnlyAccess
  18. b) The task can only access public AWS resources
  19. d) CloudTrail
  20. a) Use AWS Shield
  21. c) Store it in AWS Secrets Manager or Parameter Store
  22. c) By using microVM technology
  23. a) Use AWS CloudTrail and Amazon GuardDuty
  24. a) Using HTTPS endpoints
  25. c) Protecting tasks from malicious activity

Use a blank sheet, note your answers, and tally them against the answer key at the end. Give yourself a score.
