Are you looking to enhance your understanding of Amazon CloudFront security? This curated set of multiple-choice questions and answers focuses on key topics, including SSL/TLS certificates for secure content delivery, restricting access using signed URLs and cookies, integration with AWS Shield and WAF, and origin access control for S3 buckets.
MCQs on SSL/TLS Certificates for Secure Content Delivery
1. What is the purpose of using SSL/TLS certificates in Amazon CloudFront? a) To increase data caching b) To secure data transmission between users and CloudFront c) To improve network latency d) To enable logging of data requests
2. Which certificate authority does Amazon CloudFront support by default? a) Let’s Encrypt b) AWS Certificate Manager (ACM) c) DigiCert d) Verisign
3. Which type of certificate is required for custom domains in CloudFront? a) Self-signed certificate b) ACM-issued certificate c) DNSSEC certificate d) Hardware-based certificate
4. What is the primary encryption protocol used by CloudFront? a) SSLv3 b) TLS c) SSH d) HTTPS
5. How does enabling HTTPS in CloudFront benefit content delivery? a) Reduces content delivery costs b) Enhances website ranking and user trust c) Increases caching capacity d) Limits geographic distribution
MCQs on Restricting Access with Signed URLs and Cookies
6. Which CloudFront feature allows controlled access to private content? a) Edge locations b) Signed URLs and cookies c) Origin forwarding rules d) Access logs
7. Signed URLs are typically used for: a) Static content with indefinite validity b) Temporary access to specific resources c) Managing user sessions d) API Gateway integrations
8. What is a key advantage of using signed cookies over signed URLs? a) Supports multiple files under one policy b) Easier to configure in the CloudFront console c) Enables cross-origin requests d) Automatically generates URL tokens
9. Which component generates signed URLs in CloudFront? a) IAM Roles b) CloudFront Key Pair c) AWS Shield d) Security Groups
10. What happens when a signed URL expires? a) The content is cached locally b) Access is denied c) The signed URL regenerates automatically d) Access defaults to public
MCQs on Integrating AWS Shield, WAF, and IAM Policies
11. AWS Shield provides protection against: a) SQL injection attacks b) Distributed Denial of Service (DDoS) attacks c) Unauthorized data access d) Data transfer throttling
12. AWS WAF rules are primarily used to: a) Encrypt content delivery b) Block malicious web traffic c) Optimize content caching d) Enable multi-region support
13. Which of the following is a managed rule group for AWS WAF? a) SQL Injection Protection b) Static Content Optimizer c) Dynamic IP Tracker d) Lambda Edge Functions
14. IAM policies in CloudFront are used to: a) Configure logging and monitoring b) Grant permissions for managing distributions c) Assign edge location policies d) Create signed cookies
15. What is AWS Shield Advanced’s key feature? a) Automatic data encryption b) Cost protection from DDoS-related traffic spikes c) On-demand network scaling d) Real-time query analysis
MCQs on Origin Access Control for S3 Buckets
16. What is the primary purpose of origin access control in CloudFront? a) Enable automatic scaling b) Restrict direct access to S3 buckets c) Improve data caching efficiency d) Enable multi-region content replication
17. Origin access identities (OAI) are used to: a) Provide secure access to backend servers b) Allow CloudFront to securely access private S3 content c) Generate signed URLs and cookies d) Manage CloudFront edge locations
18. Which of the following is required to enable OAI for an S3 bucket? a) Attach a bucket policy allowing OAI access b) Enable logging on the bucket c) Use an encrypted HTTPS endpoint d) Configure multi-factor authentication
19. What is the benefit of enabling OAI in CloudFront? a) Reduces data transfer costs b) Prevents unauthorized access to S3 content c) Improves caching at edge locations d) Optimizes data retrieval times
20. How does CloudFront handle access to private S3 objects with OAI? a) By using pre-signed URLs b) By attaching IAM roles to edge servers c) By authenticating through OAI permissions d) By creating encrypted copies of the data
Answers
QNo: Answer (Option with Text)
1: b) To secure data transmission between users and CloudFront
2: b) AWS Certificate Manager (ACM)
3: b) ACM-issued certificate
4: b) TLS
5: b) Enhances website ranking and user trust
6: b) Signed URLs and cookies
7: b) Temporary access to specific resources
8: a) Supports multiple files under one policy
9: b) CloudFront Key Pair
10: b) Access is denied
11: b) Distributed Denial of Service (DDoS) attacks
12: b) Block malicious web traffic
13: a) SQL Injection Protection
14: b) Grant permissions for managing distributions
15: b) Cost protection from DDoS-related traffic spikes
16: b) Restrict direct access to S3 buckets
17: b) Allow CloudFront to securely access private S3 content