6.4 - PaulDuvall/aws-compliance-workshop GitHub Wiki
Lesson 6 Quiz
Questions
1) What are the components in the automated prevention, detection and remediation workflow in this lesson?
A. AWS SSM Session Manager, AWS CodeDeploy, cfn_nag, GitLab, and AWS CodeBuild.
B. AWS Step Functions, AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, and AWS SSM Automation.
C. AWS CloudFormation, AWS Config Rules, AWS CodePipeline, AWS CodeCommit, cfn_nag, AWS CodeBuild, and Amazon CloudWatch Event Rules.
D. Terraform, AWS CloudWatch Event Rules, cfn_nag, and AWS SSM Compliance.
2) How is AWS CloudFormation used in the automated prevention, detection and remediation workflow lesson?
A. Provisions Amazon CloudWatch Event Rules, AWS Config, AWS Config Rules, and deployment pipeline resources in a single template that is deployed to AWS as a CloudFormation stack.
B. Config and Config Rules are manually provisioned while the deployment pipeline resources are provisioned in a CloudFormation template.
C. Provisions AWS Config and AWS Config Rules in one template and deployment pipeline resources in a separate template. Config Rules updates are applied on a schedule.
D. Provisions AWS Config and AWS Config Rules in one template and deployment pipeline resources in a separate template. Config Rules updates are applied manually as part of a bootstrapping process.
3) How many Config Recorders can you create in a given AWS Region?
A. 0
B. 1
C. 2
D. 10
4) What are the least-privilege permissions that Lambda needs to perform its remediation in the exercise?
A. s3:*, logs:*, cloudwatch:*, config:*.
B. s3:DeleteBucketPolicy, logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents.
C. logs:*, s3:s3:DeleteBucketPolicy, cloudwatch:PutMetricData.
D. codepipeline:CreatePipeline, codebuild:ListBuilds, lambda:CreateFunction, logs:PutLogEvents.