MCQs on Security and Compliance in EBS | AWS Amazon EBS MCQs
Enhance your knowledge of AWS Amazon EBS (Elastic Block Store) with these 20 comprehensive MCQs. Covering important topics such as data encryption, key management, and audit best practices, this set will help you understand how to secure and manage your data effectively in AWS. Perfect for certification preparation, these questions are designed to boost your confidence in EBS security and compliance.
Multiple-Choice Questions
1. Data Encryption and Key Management
- What is the primary function of Amazon EBS encryption?
a) To optimize storage performance
b) To secure data at rest
c) To reduce storage costs
d) To manage access control - Which AWS service is used to manage encryption keys for EBS volumes?
a) Amazon RDS
b) AWS Key Management Service (KMS)
c) AWS CloudTrail
d) AWS Secrets Manager - When an EBS volume is encrypted, which of the following is also encrypted?
a) Only the volume itself
b) Volume snapshots
c) Only data at rest
d) Volume access permissions - What is the default encryption option for EBS volumes created in a VPC?
a) AES-128
b) AES-256
c) RSA-2048
d) Encryption is not enabled by default - Which of the following is true when creating an encrypted EBS volume?
a) You must manually enable encryption
b) Encryption is automatically enabled if using an AWS-managed KMS key
c) Encryption must be configured after the volume is created
d) The volume must be in a public subnet - What is required to encrypt data on an existing unencrypted EBS volume?
a) Create an encrypted snapshot and restore from it
b) Enable encryption in the volume settings
c) Use a third-party encryption tool
d) Create a new VPC for the volume - EBS encryption supports which of the following data types?
a) Data in transit
b) Data at rest
c) Both data in transit and at rest
d) Only metadata - How does AWS Key Management Service (KMS) work with EBS encryption?
a) It automatically stores and encrypts EBS data
b) It handles the encryption keys for the EBS volumes
c) It compresses the data before encryption
d) It is only used for API authentication - When using customer-managed keys in KMS for EBS encryption, who controls the key management?
a) AWS automatically rotates the keys
b) The customer manages the key lifecycle
c) Amazon S3 manages the keys
d) Only IAM roles can manage the keys - What is the maximum size of an encrypted EBS snapshot?
a) 1 TB
b) 5 TB
c) 16 TB
d) 50 TB
2. Audit and Compliance Best Practices
- Which AWS service can be used to monitor EBS API calls for security auditing?
a) AWS CloudTrail
b) Amazon CloudWatch
c) AWS Config
d) AWS Shield - What is the main benefit of using AWS Config for auditing EBS resources?
a) Automatically encrypts EBS volumes
b) Tracks resource configurations and changes
c) Automatically backs up EBS data
d) Optimizes the performance of EBS volumes - Which of the following actions is essential for securing EBS volumes in a compliant manner?
a) Use default security groups
b) Enable volume-level encryption
c) Disable EBS snapshots
d) Avoid using IAM roles - Which AWS service can help automate the compliance of EBS volumes with security policies?
a) AWS Inspector
b) AWS Systems Manager
c) AWS Config Rules
d) Amazon Macie - When performing an audit of EBS resources, what should be the focus regarding encryption?
a) Ensuring all EBS volumes are attached to EC2 instances
b) Ensuring that encryption keys are managed by the customer
c) Confirming that EBS volumes have encryption enabled by default
d) Monitoring network traffic between volumes - How can you enforce compliance by controlling access to EBS volumes?
a) Use network ACLs to restrict volume access
b) Use IAM policies to control access
c) Encrypt volumes only for compliance
d) Restrict access by region - To comply with data retention policies, what can be configured for EBS snapshots?
a) Snapshot lifecycle policies
b) Automated volume backups
c) Snapshot compression
d) Snapshots with extended expiration - What is the best practice for audit logging of all EBS volume changes?
a) Use CloudTrail to log EBS API calls
b) Configure EC2 instances to log EBS changes
c) Use IAM to log changes to EBS volumes
d) Manually record changes to volumes - What is an effective strategy to ensure EBS snapshots are compliant with encryption policies?
a) Perform manual encryption checks for each snapshot
b) Automatically encrypt all EBS snapshots using KMS
c) Allow all snapshots to be unencrypted for easier access
d) Disable snapshots to ensure compliance - Which AWS service allows you to view the history of EBS volume configurations for audit purposes?
a) AWS Config
b) AWS CloudFormation
c) AWS CloudTrail
d) AWS Elastic Beanstalk
Answers Table
| Qno | Answer |
|---|---|
| 1 | b) To secure data at rest |
| 2 | b) AWS Key Management Service (KMS) |
| 3 | b) Volume snapshots |
| 4 | d) Encryption is not enabled by default |
| 5 | b) Encryption is automatically enabled if using an AWS-managed KMS key |
| 6 | a) Create an encrypted snapshot and restore from it |
| 7 | b) Data at rest |
| 8 | b) It handles the encryption keys for the EBS volumes |
| 9 | b) The customer manages the key lifecycle |
| 10 | c) 16 TB |
| 11 | a) AWS CloudTrail |
| 12 | b) Tracks resource configurations and changes |
| 13 | b) Enable volume-level encryption |
| 14 | c) AWS Config Rules |
| 15 | c) Confirming that EBS volumes have encryption enabled by default |
| 16 | b) Use IAM policies to control access |
| 17 | a) Snapshot lifecycle policies |
| 18 | a) Use CloudTrail to log EBS API calls |
| 19 | b) Automatically encrypt all EBS snapshots using KMS |
| 20 | a) AWS Config |