Mastering Amazon RDS security is crucial for maintaining a secure and efficient database environment. This set of 30 AWS RDS MCQ questions and answers will test your knowledge of VPC, subnets, IAM, encryption, and best practices in Amazon RDS. Prepare yourself for interviews, certifications, or real-world applications by exploring these questions.
VPC, Subnets, and Network Security for RDS (10 MCQs)
1. Amazon RDS instances are deployed within: a) Availability Zones b) Virtual Private Clouds (VPCs) c) Edge Locations d) Auto Scaling Groups
2. What type of subnet is recommended for Amazon RDS instances requiring internet access? a) Public subnet b) Private subnet c) Reserved subnet d) Protected subnet
3. Which RDS feature allows direct access without public internet exposure? a) Security Groups b) Elastic Load Balancer c) VPC Peering d) Amazon Route 53
4. Security Groups in RDS are used to: a) Encrypt database data b) Define inbound and outbound traffic rules c) Monitor database queries d) Configure database backups
5. What is a key consideration when designing RDS in a multi-AZ deployment? a) Security Groups must be disabled b) Subnets must span different Availability Zones c) Only public subnets are allowed d) IAM roles are required
6. How does AWS recommend securing RDS databases in VPCs? a) Use private subnets and security groups b) Configure access via internet-facing endpoints c) Disable all inbound traffic rules d) Encrypt data only during backups
7. Which AWS service provides centralized network security for RDS databases? a) AWS Network Firewall b) AWS WAF c) Amazon GuardDuty d) AWS Shield
8. What type of IP address is assigned to RDS instances in private subnets? a) Elastic IP b) Public IP c) Private IP d) Loopback IP
9. How does VPC peering benefit RDS configurations? a) Enables encrypted storage b) Facilitates cross-VPC access to RDS c) Adds automatic backups d) Provides multi-AZ deployments
10. Can an RDS instance have multiple subnets attached? a) Yes, for redundancy b) No, only one subnet per RDS instance c) Yes, but only in the same AZ d) No, subnets are not used in RDS
Managing Access with IAM and Database Authentication (10 MCQs)
11. What role does IAM play in RDS security? a) Encrypts data in transit b) Manages database user credentials c) Provides access control for AWS resources d) Hosts RDS instances
12. Which database engine supports IAM-based database authentication? a) PostgreSQL b) Oracle c) SQL Server d) Amazon Aurora
13. IAM roles for Amazon RDS allow: a) Automated snapshots b) Management of user access to AWS resources c) Database migration between regions d) Stopping database instances
14. What is required to enable IAM database authentication in RDS? a) An IAM policy and database configuration b) Encryption keys from KMS c) Security group rules d) Cross-region replication
15. Which service is required to use IAM authentication for database users? a) Amazon CloudWatch b) AWS Secrets Manager c) Amazon Cognito d) AWS STS
16. How are IAM-based database credentials generated? a) By manually configuring IAM roles b) Dynamically using the AWS SDK or CLI c) Using CloudFormation templates d) From predefined database passwords
17. What is a benefit of using IAM authentication for Amazon RDS? a) Elimination of password management b) Faster database queries c) Free tier access for databases d) Redundancy in database connections
18. How does IAM enhance RDS security for teams? a) By limiting database instance types b) By granting fine-grained permissions to team members c) By enabling continuous monitoring of traffic d) By reducing the need for encryption
19. Which component is unnecessary for IAM database authentication? a) IAM policy b) SSL certificates c) Security groups d) Multi-AZ deployment
20. Can IAM policies control access to specific RDS databases? a) Yes, with resource-level permissions b) No, IAM only works at the instance level c) Yes, but only for private subnets d) No, IAM is not used in RDS
Encryption (In-Transit and At-Rest) (5 MCQs)
21. What service provides encryption for RDS databases at rest? a) AWS KMS b) AWS CloudHSM c) AWS WAF d) AWS Shield
22. Which encryption protocol is used for securing data in transit to Amazon RDS? a) SSL/TLS b) HTTPS c) AES-256 d) SHA-256
23. When enabling encryption at rest for RDS, what happens to existing unencrypted snapshots? a) They are encrypted automatically b) They must be copied and encrypted c) They are deleted d) They remain unencrypted
24. Can an existing unencrypted RDS instance be encrypted? a) No, only new instances can be encrypted b) Yes, by enabling encryption in the console c) Yes, by creating an encrypted copy d) No, encryption is automatic
25. Which encryption type is managed automatically by AWS in RDS? a) Client-side encryption b) Server-side encryption c) End-to-end encryption d) Proxy-based encryption
Security Best Practices (5 MCQs)
26. What is a key security best practice for Amazon RDS? a) Enable Multi-AZ deployments b) Allow open access on port 3306 c) Disable database backups d) Use default database usernames
27. Why should you rotate database credentials regularly? a) To improve query performance b) To comply with security policies c) To disable encryption keys d) To optimize data storage
28. Which AWS service can automate database credentials rotation? a) AWS Secrets Manager b) AWS Config c) Amazon S3 d) AWS CloudFormation
29. What is the benefit of using dedicated instances for RDS? a) Better network security isolation b) Lower cost c) Faster storage provisioning d) Access to internet-facing subnets
30. Which tool can detect potential security risks in Amazon RDS? a) Amazon Inspector b) AWS Trusted Advisor c) Amazon Macie d) AWS X-Ray
Answers
| Qno | Answer |
|-----|--------|
| 1 | b) Virtual Private Clouds (VPCs) |
| 2 | a) Public subnet |
| 3 | c) VPC Peering |
| 4 | b) Define inbound and outbound traffic rules |
| 5 | b) Subnets must span different Availability Zones |
| 6 | a) Use private subnets and security groups |
| 7 | a) AWS Network Firewall |
| 8 | c) Private IP |
| 9 | b) Facilitates cross-VPC access to RDS |
| 10 | a) Yes, for redundancy |
| 11 | c) Provides access control for AWS resources |
| 12 | d) Amazon Aurora |
| 13 | b) Management of user access to AWS resources |
| 14 | a) An IAM policy and database configuration |
| 15 | d) AWS STS |
| 16 | b) Dynamically using the AWS SDK or CLI |
| 17 | a) Elimination of password management |
| 18 | b) By granting fine-grained permissions to team members |