Quiz: Module 13: Security in Depth

Which AWS service creates and manages the cryptographic keys used to encrypt data across AWS services such as S3, EBS, and RDS?

A company stores customer financial records in S3 and must comply with a regulation that requires the company to control its own encryption keys, rotate them annually, and audit all key usage. Which KMS key type should the company use, and why?

Which AWS service continuously monitors your AWS account for malicious activity by analyzing CloudTrail events, VPC Flow Logs, and DNS logs using machine learning and threat intelligence?

A security team discovers that an S3 bucket containing sensitive data was made publicly accessible three days ago. They need to determine who changed the bucket policy and when. Which TWO AWS services should they use to investigate? (Select TWO.)Select multiple

An architect is designing a web application that will be exposed to the internet through an Application Load Balancer. The application handles user login forms and must be protected against SQL injection and cross-site scripting attacks. Which AWS service should the architect use to inspect and filter HTTP requests at the application layer?

A company runs a multi-account AWS environment. The security team wants a single dashboard that aggregates findings from GuardDuty, Inspector, and Config across all accounts, normalizes them into a standard format, and runs automated compliance checks against industry standards. Which service provides this capability?

A startup has a limited security budget but wants to protect its web application against common DDoS attacks. The application runs behind an Application Load Balancer. The team does not need 24/7 DDoS response support or cost protection credits. Which Shield tier should the team use, and what additional service should they consider for application-layer protection?