MCQs on Security and Best Practices | DynamoDB MCQ Question & Answer

In this collection of AWS DynamoDB MCQ questions and answers, we focus on security and best practices to help you master DynamoDB’s crucial aspects, including access control with IAM policies, encryption at rest and in transit, fine-grained access control, auditing with CloudTrail, and cost optimization strategies. These questions are designed for both beginners and advanced learners aiming to excel in AWS DynamoDB certifications or interviews.

AWS DynamoDB MCQs

Access Control with IAM Policies

1. What is the primary purpose of IAM (Identity and Access Management) in AWS?
   a) To encrypt data at rest
   b) To manage network traffic
   c) To manage access to AWS resources
   d) To configure security groups
2. IAM policies in DynamoDB are used to:
   a) Limit the amount of storage in a table
   b) Control access to DynamoDB resources
   c) Encrypt data at rest
   d) Back up tables automatically
3. Which of the following is a correct statement about IAM roles?
   a) IAM roles allow users to access AWS resources without permanent credentials.
   b) IAM roles only apply to Amazon EC2 instances.
   c) IAM roles cannot be used with Lambda functions.
   d) IAM roles are used to configure DynamoDB stream operations.
4. What does an IAM policy document consist of?
   a) Only a list of allowed actions
   b) A set of permissions for a specific user
   c) Permissions, actions, and resources
   d) An encryption key for secure connections
5. Which action in IAM policy would allow a user to delete a DynamoDB table?
   a) dynamodb:PutItem
   b) dynamodb:DeleteTable
   c) dynamodb:CreateTable
   d) dynamodb:UpdateTable

Encryption at Rest and in Transit

6. Which AWS service provides encryption at rest for DynamoDB?
   a) Amazon KMS (Key Management Service)
   b) AWS Shield
   c) AWS Secrets Manager
   d) AWS GuardDuty
7. What is the primary benefit of encrypting data at rest in DynamoDB?
   a) To increase read performance
   b) To prevent unauthorized access to stored data
   c) To reduce data storage costs
   d) To enable multi-region replication
8. DynamoDB supports which type of encryption for data in transit?
   a) SSL/TLS encryption
   b) AES encryption
   c) PGP encryption
   d) RSA encryption
9. Which of the following is true about server-side encryption in DynamoDB?
   a) It is optional and must be enabled manually for each table.
   b) It uses encryption keys stored in DynamoDB.
   c) It is enabled by default for all DynamoDB tables.
   d) It only encrypts the data when read operations are performed.
10. When using encryption at rest in DynamoDB, which key management service is used by default?
    a) AWS KMS
    b) Amazon S3 Encryption
    c) AWS CloudHSM
    d) AWS IAM

Managing Fine-Grained Access Control

11. Fine-grained access control in DynamoDB allows:
    a) Users to access specific items or attributes in a table
    b) Users to bypass IAM policies
    c) Automatic scaling of tables
    d) Continuous backups of all data
12. Which of the following can you control using fine-grained access control?
    a) Table-level permissions
    b) Attribute-level permissions
    c) Partition key permissions
    d) Backup frequency
13. Fine-grained access control can be implemented using which service?
    a) AWS Lambda
    b) AWS IAM
    c) AWS CloudWatch
    d) AWS KMS
14. How does DynamoDB allow users to define fine-grained access control?
    a) Through the use of IAM policies for specific attributes
    b) By creating separate tables for each user
    c) By specifying query parameters for each access request
    d) By creating roles for different access levels
15. What is the benefit of fine-grained access control in DynamoDB?
    a) Reduces costs by limiting access to only needed data
    b) Increases read throughput
    c) Simplifies the table structure
    d) Optimizes the backup strategy

Auditing with CloudTrail

16. What is AWS CloudTrail primarily used for?
    a) Encrypting DynamoDB tables
    b) Monitoring and auditing API calls in AWS
    c) Backing up DynamoDB tables
    d) Creating DynamoDB tables
17. How does CloudTrail help with DynamoDB security?
    a) By automatically scaling the DynamoDB capacity
    b) By logging all API calls made to DynamoDB
    c) By creating fine-grained access controls
    d) By encrypting data at rest
18. Which of the following AWS resources can CloudTrail audit?
    a) Amazon EC2
    b) Amazon DynamoDB
    c) AWS Lambda
    d) All of the above
19. When an action is performed on a DynamoDB table, where is the information logged?
    a) AWS Config
    b) AWS CloudTrail
    c) DynamoDB logs
    d) Amazon S3
20. What type of events does CloudTrail capture for DynamoDB?
    a) Only read operations
    b) Only write operations
    c) Both read and write operations
    d) Backup events only

Cost Optimization Strategies

21. What is the purpose of DynamoDB on-demand capacity mode?
    a) To allow manual scaling of read/write capacity
    b) To automatically adjust capacity based on traffic
    c) To limit the number of read/write requests
    d) To reduce storage costs
22. How does DynamoDB’s auto-scaling feature help with cost optimization?
    a) By increasing capacity during high demand and decreasing during low demand
    b) By reducing the number of queries per second
    c) By lowering storage costs for infrequently accessed data
    d) By enabling fixed pricing for all tables
23. What is a recommended cost-saving strategy for using DynamoDB in low-traffic scenarios?
    a) Use on-demand capacity mode
    b) Enable manual scaling of read and write capacity
    c) Use large data types for storage
    d) Store data in Amazon S3
24. Which of the following is true about provisioned capacity mode in DynamoDB?
    a) You pay only for the storage used
    b) You must manually configure read and write capacity units
    c) It automatically adjusts to fluctuating traffic
    d) It is the most cost-effective option for all use cases
25. To optimize costs in DynamoDB, you should:
    a) Use smaller table sizes
    b) Use read and write capacity modes based on the traffic pattern
    c) Disable backups
    d) Limit the number of secondary indexes
26. Which feature helps DynamoDB minimize costs for large-scale workloads?
    a) Global tables
    b) Auto-scaling
    c) Streams
    d) DAX
27. Which factor most influences the cost of DynamoDB?
    a) Table size
    b) Number of items in the table
    c) Read and write capacity or on-demand requests
    d) Number of IAM users
28. DynamoDB charges for which of the following?
    a) Read and write requests
    b) Data storage and backup
    c) Provisioned capacity
    d) All of the above
29. To minimize the cost of storing infrequently accessed data, which option should be used?
    a) Enable on-demand backup
    b) Move the data to Amazon S3
    c) Use DynamoDB Streams
    d) Use a global table
30. What is the effect of enabling DynamoDB auto-scaling?
    a) It reduces storage costs for active tables
    b) It automatically adjusts the read and write capacity based on usage
    c) It fixes the read/write capacity at a constant rate
    d) It increases the time taken for backups

Answers