Network & Security - Foundations
Latest Final Assessment Review
(With Solutions)
2026
Multiple Choice Questions (MCQs)
In an AWS VPC, which component is responsible for managing inbound
and outbound traffic at the subnet level?
A) Network ACL
B) Security Group
C) Internet Gateway
D) NAT Gateway
Answer: A) Network ACL
Rationale: Network ACLs act as stateless firewalls at the subnet level,
controlling inbound and outbound traffic. Security groups operate at the
instance level.
Which AWS service provides automatic DDoS protection at the edge
without any additional configuration?
A) AWS Shield Standard
B) AWS WAF
C) Amazon GuardDuty
D) AWS Firewall Manager
Answer: A) AWS Shield Standard
Rationale: Shield Standard is automatically enabled free of charge,
protecting against common network and transport layer DDoS attacks.
In VPC Endpoint types, which endpoint type provides private connections
only for AWS services over the AWS network without traversing the
internet?
A) Gateway Endpoint
B) Interface Endpoint
C) NAT Gateway
D) VPN Gateway
Answer: B) Interface Endpoint
Rationale: Interface Endpoints use AWS PrivateLink to provide private
connectivity to AWS services.
Which encryption method does AWS S3 use for server-side encryption
with customer-provided keys (SSE-C)?
A) AWS manages the keys
B) Customer manages the keys and AWS encrypts data on the server side
C) Client-side encryption before upload
D) AWS KMS handles the keys and encryption
Answer: B) Customer manages the keys and AWS encrypts data on the
server side
Rationale: SSE-C requests require customers to provide their own
encryption keys, which AWS uses only to encrypt data on the server.
Which AWS IAM policy element specifies the AWS resources to which the
policy applies?
A) Effect
B) Action
C) Resource
D) Condition
Answer: C) Resource
Rationale: The Resource element specifies the ARN of AWS resources the
policy targets.
True/False Questions
Security groups are stateful, meaning return traffic is automatically
allowed regardless of inbound or outbound rules.
Answer: True
Rationale: Security groups track connection state, allowing responses to
outbound connections without explicit inbound rules.
Enabling VPC Flow Logs can help you detect malicious network activity
inside your VPC.
Answer: True
Rationale: Flow Logs capture network traffic data and can be analyzed for
anomalies.