D329 ITEC 2112 Network & Security Applications
Final Assessment Review (Qns & Ans)
2025
Multiple Choice Questions
Which of the following AWS services is specifically designed to
protect web applications from common web exploits?
A) AWS Shield
B) AWS WAF
C) AWS Firewall Manager
D) Amazon Inspector ANS: B) AWS WAF Rationale: AWS
WAF is a web application firewall that helps protect applications
from common web exploits by allowing users to create rules that
control the traffic to their web applications.
©2025
,What is the primary purpose of AWS Direct Connect?
A) To connect AWS services to on-premises data centers
B) To provide a public IP address for EC2 instances
C) To enhance the performance of S3 storage
D) To route network traffic via the public internet ANS: A) To
connect AWS services to on-premises data centers Rationale:
AWS Direct Connect allows for a dedicated network connection
between on-premises data centers and AWS, enhancing
bandwidth and reducing latency.
Which AWS service enables the management of multiple
accounts from a central location?
A) AWS Organizations
B) AWS CloudTrail
C) Amazon GuardDuty
D) AWS Config ANS: A) AWS Organizations Rationale: AWS
Organizations allows you to manage multiple AWS accounts
centrally, applying policies and consolidating billing.
Fill-in-the-Blank Questions
Amazon __________ is a fully managed service that automates
the setup, configuration, and management of real-time data
streams.
ANS: Kinesis
©2025
,Rationale: Amazon Kinesis provides capabilities for real-time
data streaming and analytics.
The principle of __________ is a security measure that restricts
the access rights for users to the bare minimum permissions they
need to perform their duties.
ANS: least privilege
Rationale: The principle of least privilege is fundamental in
cybersecurity to minimize the potential attack surface by
restricting user permissions.
AWS specialized service that provides an integrated view of the
security state of AWS accounts is called __________.
ANS: AWS Security Hub
Rationale: AWS Security Hub aggregates, organizes, and
prioritizes security alerts from multiple AWS accounts.
True/False Questions
True or False: AWS Security Groups operate at the instance level
while Network ACLs operate at the subnet level.
ANS: True
Rationale: Security Groups control inbound and outbound traffic
for EC2 instances, while Network ACLs apply to subnets and
control traffic at a broader level.
©2025
, True or False: Amazon VPC Peering allows interconnection
between VPCs in different AWS regions.
ANS: False
Rationale: VPC Peering is limited to VPCs within the same AWS
region.
True or False: AWS Key Management Service (KMS) is used
only for encrypting data at rest.
ANS: False
Rationale: AWS KMS can be used for both encrypting data at rest
and in transit.
Multiple Response Questions
Which of the following AWS services can help in monitoring and
securing AWS resources? (Select all that apply)
A) Amazon CloudWatch
B) AWS Config
C) Amazon S3
D) AWS CloudTrail ANS: A) Amazon CloudWatch, B) AWS
Config, D) AWS CloudTrail Rationale: CloudWatch monitors
©2025
Final Assessment Review (Qns & Ans)
2025
Multiple Choice Questions
Which of the following AWS services is specifically designed to
protect web applications from common web exploits?
A) AWS Shield
B) AWS WAF
C) AWS Firewall Manager
D) Amazon Inspector ANS: B) AWS WAF Rationale: AWS
WAF is a web application firewall that helps protect applications
from common web exploits by allowing users to create rules that
control the traffic to their web applications.
©2025
,What is the primary purpose of AWS Direct Connect?
A) To connect AWS services to on-premises data centers
B) To provide a public IP address for EC2 instances
C) To enhance the performance of S3 storage
D) To route network traffic via the public internet ANS: A) To
connect AWS services to on-premises data centers Rationale:
AWS Direct Connect allows for a dedicated network connection
between on-premises data centers and AWS, enhancing
bandwidth and reducing latency.
Which AWS service enables the management of multiple
accounts from a central location?
A) AWS Organizations
B) AWS CloudTrail
C) Amazon GuardDuty
D) AWS Config ANS: A) AWS Organizations Rationale: AWS
Organizations allows you to manage multiple AWS accounts
centrally, applying policies and consolidating billing.
Fill-in-the-Blank Questions
Amazon __________ is a fully managed service that automates
the setup, configuration, and management of real-time data
streams.
ANS: Kinesis
©2025
,Rationale: Amazon Kinesis provides capabilities for real-time
data streaming and analytics.
The principle of __________ is a security measure that restricts
the access rights for users to the bare minimum permissions they
need to perform their duties.
ANS: least privilege
Rationale: The principle of least privilege is fundamental in
cybersecurity to minimize the potential attack surface by
restricting user permissions.
AWS specialized service that provides an integrated view of the
security state of AWS accounts is called __________.
ANS: AWS Security Hub
Rationale: AWS Security Hub aggregates, organizes, and
prioritizes security alerts from multiple AWS accounts.
True/False Questions
True or False: AWS Security Groups operate at the instance level
while Network ACLs operate at the subnet level.
ANS: True
Rationale: Security Groups control inbound and outbound traffic
for EC2 instances, while Network ACLs apply to subnets and
control traffic at a broader level.
©2025
, True or False: Amazon VPC Peering allows interconnection
between VPCs in different AWS regions.
ANS: False
Rationale: VPC Peering is limited to VPCs within the same AWS
region.
True or False: AWS Key Management Service (KMS) is used
only for encrypting data at rest.
ANS: False
Rationale: AWS KMS can be used for both encrypting data at rest
and in transit.
Multiple Response Questions
Which of the following AWS services can help in monitoring and
securing AWS resources? (Select all that apply)
A) Amazon CloudWatch
B) AWS Config
C) Amazon S3
D) AWS CloudTrail ANS: A) Amazon CloudWatch, B) AWS
Config, D) AWS CloudTrail Rationale: CloudWatch monitors
©2025
