Back to AWS Certified Cloud Practitioner (CCP)

Security, Identity, and Compliance

AWS services for security, identity management, and compliance.

AWS security, identity, and compliance services for protecting AWS resources, managing user identities and access, and achieving compliance. Key services include AWS Identity and Access Management (IAM), Amazon Cognito, AWS Organizations, AWS Key Management Service (KMS), AWS Shield for DDoS protection, AWS WAF for application protection, and Amazon Inspector for automated security assessments.
5 minutes 5 Questions

AWS Security, Identity, and Compliance services help customers meet security and compliance requirements while managing their cloud resources. These services protect data, accounts, workloads, and infrastructure through integrated tools.\n\nKey services include:\n\nIAM (Identity and Access Manageme…

Concepts covered: AWS Artifact, AWS Identity and Access Management (IAM), AWS Certificate Manager (ACM), AWS Key Management Service (AWS KMS), AWS IAM Identity Center (AWS SSO), Amazon Inspector, Amazon Detective, AWS Security Hub, AWS Firewall Manager, AWS CloudHSM, AWS Network Firewall, Amazon GuardDuty, Amazon Cognito, AWS Secrets Manager, AWS Audit Manager, AWS Directory Service, Amazon Macie, AWS Resource Access Manager (AWS RAM), AWS Shield, AWS WAF

Test mode:
Start practice test
CCP - Security, Identity, and Compliance Example Questions

Test your knowledge of Security, Identity, and Compliance

Question 1

Which of the following is a feature of Amazon Cognito that enhances user security?

Correct Answer: Multi-factor authentication (MFA) support for added security

Multi-factor authentication (MFA) is a security feature that requires users to provide additional verification beyond just a username and password. By enabling MFA, Amazon Cognito adds an extra layer of protection to user accounts, making it more difficult for unauthorized individuals to gain access. The other options, while useful features of Amazon Cognito, do not directly enhance security in the same way that MFA does. User sign-in with social media accounts, integration with Amazon S3, and automatic data synchronization across devices are more focused on convenience and functionality rather than security.

Question 2

What type of data can Amazon Macie automatically discover and protect in AWS accounts?

Correct Answer: Sensitive data such as personally identifiable information (PII) and financial data

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS. Macie automatically discovers sensitive data such as personally identifiable information (PII) like names, addresses, and credit card numbers, as well as financial data stored in Amazon S3. It does not discover publicly accessible data managed by IAM policies, encrypted data stored in EBS volumes, or data stored in on-premises databases connected via Direct Connect. Macie is specifically designed to identify and protect sensitive data within AWS accounts.

Question 3

Which of the following is an example of a document that can be accessed through AWS Artifact?

Correct Answer: Service Organization Control (SOC) reports

AWS Artifact provides on-demand access to AWS security and compliance reports and select online agreements. Service Organization Control (SOC) reports, which are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives, are one of the main types of documents available through AWS Artifact. The other options listed, such as detailed architectural diagrams of data centers, confidential pricing information, and penetration testing results, are not typically made available to customers through AWS Artifact due to security and confidentiality reasons.

More Security, Identity, and Compliance questions
233 questions (total)
Start 100 question test