MCQs on Security and Compliance | AWS Elastic Beanstalk Multiple Choice Questions
Master AWS Elastic Beanstalk with Key MCQs
Discover the essentials of AWS Elastic Beanstalk through these 25 expertly crafted MCQs. Focused on security and compliance, these questions explore best practices, IAM roles and permissions, and data protection and encryption. Ideal for enhancing your understanding, these AWS Elastic Beanstalk MCQ questions and answers prepare you for real-world applications and certifications.
Multiple-Choice Questions
1. Best Practices for Security
- What is the first step to secure an AWS Elastic Beanstalk environment?
a) Using public key encryption
b) Restricting access to the environment
c) Setting up CloudFront distributions
d) Enabling automated scaling - Which AWS service is most commonly used to monitor security issues in Elastic Beanstalk?
a) AWS CloudTrail
b) AWS CodePipeline
c) Amazon SNS
d) Amazon RDS - What is a best practice for handling sensitive application secrets in Elastic Beanstalk?
a) Storing them in environment variables
b) Hardcoding them in the source code
c) Encrypting them with AWS KMS and storing in Secrets Manager
d) Using an EBS volume - How can Elastic Beanstalk applications securely connect to databases?
a) Using unencrypted connections
b) By embedding credentials in code
c) By using IAM roles for database authentication
d) By disabling multi-factor authentication - What is a common method to restrict access to an Elastic Beanstalk application?
a) Using IP whitelisting in the security group
b) Removing IAM roles
c) Disabling HTTPS
d) Using CloudWatch logs - Which Elastic Beanstalk feature can help enforce HTTPS for applications?
a) Security groups
b) Elastic Load Balancers with an SSL certificate
c) Amazon S3 encryption
d) Route 53 latency routing - What is a critical security consideration when deploying applications in Elastic Beanstalk?
a) Enabling autoscaling
b) Monitoring disk usage
c) Limiting inbound traffic with security groups
d) Disabling IAM permissions
2. IAM Roles and Permissions
- What is the purpose of an instance profile in Elastic Beanstalk?
a) To manage application deployment settings
b) To grant permissions to instances to access other AWS services
c) To monitor application performance
d) To enable version control - Which IAM policy should be used to limit access to an Elastic Beanstalk application?
a) AdministratorAccess
b) ReadOnlyAccess
c) ElasticBeanstalkManagedUpdates
d) Custom least-privilege policy - How do IAM roles enhance the security of an Elastic Beanstalk application?
a) By enabling data replication
b) By automating load balancing
c) By managing access to AWS resources without embedding credentials
d) By increasing deployment speed - What is a recommended approach to assign permissions to developers for Elastic Beanstalk?
a) Use the root user
b) Assign AdministratorAccess to all developers
c) Create IAM groups with least-privilege policies
d) Enable full access through CLI - How can an Elastic Beanstalk application access Amazon S3 securely?
a) By embedding access keys in the application code
b) By using an IAM role with the necessary permissions
c) By creating a CloudFront distribution
d) By enabling EBS encryption - What is the default IAM role required for Elastic Beanstalk to manage AWS resources?
a) ElasticBeanstalkServiceRole
b) AdministratorAccess
c) ReadOnlyAccess
d) CloudFormationExecutionRole - Which action ensures that IAM roles for Elastic Beanstalk are compliant with best practices?
a) Granting full access to all resources
b) Using the AWS Management Console exclusively
c) Reviewing and rotating access keys regularly
d) Assigning least-privilege policies to roles
3. Data Protection and Encryption
- What is a common way to encrypt data at rest for Elastic Beanstalk applications?
a) Using IAM policies
b) Encrypting EBS volumes with AWS KMS
c) Configuring Route 53 DNS settings
d) Using CloudTrail for logging - How can Elastic Beanstalk encrypt data in transit?
a) By enabling auto-scaling
b) By using HTTPS with an SSL/TLS certificate
c) By implementing CloudWatch alarms
d) By enabling read replicas - What AWS service can be used to manage encryption keys for Elastic Beanstalk?
a) Amazon S3
b) AWS KMS (Key Management Service)
c) AWS Config
d) AWS Glue - How does Elastic Beanstalk ensure compliance with data protection regulations?
a) By automating application scaling
b) By enforcing encryption for sensitive data
c) By enabling global routing
d) By automating IAM role creation - What is the purpose of enabling AWS Shield in an Elastic Beanstalk environment?
a) To optimize application performance
b) To protect against DDoS attacks
c) To manage IAM users
d) To improve deployment speed - What is a critical factor in securing backups for an Elastic Beanstalk application?
a) Using public S3 buckets
b) Encrypting backup data using AWS KMS
c) Disabling multi-factor authentication
d) Enabling NAT gateways - Which feature helps monitor data access in Elastic Beanstalk environments?
a) CloudWatch Logs
b) AWS CloudTrail
c) Route 53 latency-based routing
d) Amazon RDS snapshots - How can sensitive data, like database passwords, be securely passed to an Elastic Beanstalk environment?
a) Hardcoding them in the application code
b) Storing them in environment variables with encryption enabled
c) Using unencrypted API calls
d) Embedding them in instance profiles - What encryption mechanism does Elastic Beanstalk use to secure logs?
a) AES-256 encryption
b) Base64 encoding
c) Public key encryption
d) SHA-256 hashing - Which AWS service works alongside Elastic Beanstalk to provide audit trails for compliance?
a) AWS CloudTrail
b) Amazon SNS
c) AWS Glue
d) AWS Auto Scaling - How can you restrict Elastic Beanstalk applications to specific IP ranges?
a) By configuring security group rules
b) By disabling public access to S3 buckets
c) By scaling down instances
d) By enabling HTTPS
Answers Table
| Qno | Answer |
|---|---|
| 1 | b) Restricting access to the environment |
| 2 | a) AWS CloudTrail |
| 3 | c) Encrypting them with AWS KMS and storing in Secrets Manager |
| 4 | c) By using IAM roles for database authentication |
| 5 | a) Using IP whitelisting in the security group |
| 6 | b) Elastic Load Balancers with an SSL certificate |
| 7 | c) Limiting inbound traffic with security groups |
| 8 | b) To grant permissions to instances to access other AWS services |
| 9 | d) Custom least-privilege policy |
| 10 | c) By managing access to AWS resources without embedding credentials |
| 11 | c) Create IAM groups with least-privilege policies |
| 12 | b) By using an IAM role with the necessary permissions |
| 13 | a) ElasticBeanstalkServiceRole |
| 14 | d) Assigning least-privilege policies to roles |
| 15 | b) Encrypting EBS volumes with AWS KMS |
| 16 | b) By using HTTPS with an SSL/TLS certificate |
| 17 | b) AWS KMS (Key Management Service) |
| 18 | b) By enforcing encryption for sensitive data |
| 19 | b) To protect against DDoS attacks |
| 20 | b) Encrypting backup data using AWS KMS |
| 21 | b) AWS CloudTrail |
| 22 | b) Storing them in environment variables with encryption enabled |
| 23 | a) AES-256 encryption |
| 24 | a) AWS CloudTrail |
| 25 | a) By configuring security group rules |