Section 1: AWS Shared Responsibility Model
1. In AWS, who is responsible for securing the physical data centers?
A) Customer
B) Third-party vendor
C) AWS
D) DevOps team
Answer: C
2. Who is responsible for configuring IAM users and permissions?
A) AWS
B) Customer
C) Cloud provider partner
D) Security auditor
Answer: B
3. The Shared Responsibility Model means:
A) AWS handles everything
B) Customer handles everything
C) Security is shared between AWS and the customer
D) Only DevOps handles security
Answer: C
Section 2: IAM (Identity and Access Management)
4. What does IAM stand for?
A) Internet Access Manager
B) Identity and Access Management
C) Internal AWS Module
D) Infrastructure Access Mode
Answer: B
5. What is the principle of least privilege?
A) Give full access to admins
B) Provide minimum permissions required
C) Allow public access
D) Share credentials
Answer: B
6. Which feature adds extra login security?
A) MFA
B) EC2
C) S3
D) Lambda
Answer: A
7. IAM roles are primarily used for:
A) Billing
B) Temporary access permissions
C) Storage
D) Backups
Answer: B
8. Which policy type grants permissions?
A) JSON policy
B) HTML policy
C) CSV policy
D) XML policy
Answer: A
9. Root user credentials should be:
A) Shared with team
B) Used daily
C) Protected and rarely used
D) Public
Answer: C
10. What is IAM best practice?
A) Share passwords
B) Enable MFA
C) Disable logging
D) Use root for everything
Answer: B
Section 3: Amazon S3 Security
11. By default, Amazon S3 buckets are:
A) Public
B) Private
C) Shared
D) Encrypted
Answer: B
12. What feature blocks public access to S3?
A) IAM
B) Block Public Access
C) EC2
D) Lambda
Answer: B
13. Which encryption type is managed by AWS?
A) SSE-S3
B) Client-side only
C) Manual encryption
D) Plain text
Answer: A
14. What is used to control S3 access?
A) Bucket policies
B) Security groups
C) NACLs
D) Route tables
Answer: A
Section 4: VPC & Network Security
15. What does VPC stand for?
A) Virtual Private Cloud
B) Verified Public Cloud
C) Virtual Public Cluster
D) Variable Private Connection
Answer: A
16. Security Groups are:
A) Stateless
B) Stateful
C) Public
D) Billing tools
Answer: B
17. Network ACLs are:
A) Stateful
B) Stateless
C) Storage services
D) IAM policies
Answer: B
18. Which service protects against DDoS attacks?
A) AWS Shield
B) S3
C) IAM
D) Route 53
Answer: A
19. A private subnet has:
A) Direct internet access
B) No internet gateway
C) Public IP by default
D) Root access
Answer: B
Section 5: Monitoring & Logging
20. Which service records AWS API activity?
A) CloudTrail
B) CloudWatch
C) S3
D) IAM
Answer: A
21. CloudWatch is used for:
A) Monitoring and alerts
B) IAM management
C) Encryption
D) Billing
Answer: A
22. GuardDuty provides:
A) Storage
B) Threat detection
C) IAM access
D) Backups
Answer: B
23. AWS Config helps with:
A) Compliance monitoring
B) File storage
C) DNS
D) CDN
Answer: A
Section 6: Encryption & Key Management
24. What does KMS stand for?
A) Key Management Service
B) Kernel Monitoring Service
C) Key Mode Security
D) Knowledge Management System
Answer: A
25. Encryption at rest protects:
A) Stored data
B) Data in transit
C) Login credentials
D) DNS traffic
Answer: A
26. TLS is used for:
A) Storage
B) Data in transit encryption
C) IAM roles
D) VPC setup
Answer: B
Section 7: Compute Security
27. EC2 instances should use:
A) Key pairs
B) Shared passwords
C) Public SSH
D) Root login
Answer: A
28. What should you disable on Linux EC2 for better security?
A) Firewall
B) Root login
C) Monitoring
D) Updates
Answer: B
29. Amazon Inspector helps with:
A) Vulnerability scanning
B) Storage
C) DNS
D) CDN
Answer: A
Section 8: Advanced Security Basics
30. What is AWS WAF used for?
A) Web application firewall
B) Storage
C) Email
D) Compute
Answer: A
31. AWS Shield Standard is:
A) Paid only
B) Free DDoS protection
C) Storage tool
D) IAM tool
Answer: B
32. Best practice for access keys is:
A) Hardcode in app
B) Rotate regularly
C) Share publicly
D) Email them
Answer: B
33. Secrets should be stored in:
A) Code
B) GitHub
C) AWS Secrets Manager
D) Plain text file
Answer: C
34. Multi-account strategy improves:
A) Cost
B) Security isolation
C) Speed
D) DNS
Answer: B
35. What enables centralized governance across accounts?
A) AWS Organizations
B) S3
C) EC2
D) IAM group
Answer: A
Final 15 Mixed Questions
36. Default S3 encryption is:
A) Optional but recommended
B) Disabled permanently
C) Not possible
D) Public
Answer: A
37. Security Hub provides:
A) Central security findings dashboard
B) Storage
C) DNS
D) Compute
Answer: A
38. Best way to access EC2 securely?
A) Open port 22 to world
B) Use Bastion host
C) Share password
D) Disable firewall
Answer: B
39. CloudTrail logs can be stored in:
A) S3
B) EC2
C) IAM
D) VPC
Answer: A
40. Which service manages SSL certificates?
A) AWS Certificate Manager
B) IAM
C) Route 53
D) S3
Answer: A
41. What is Zero Trust?
A) Trust everyone
B) Never verify
C) Always verify before access
D) Public access
Answer: C
42. Which service scans containers?
A) ECR scanning
B) S3
C) IAM
D) Route 53
Answer: A
43. Data in transit is protected using:
A) HTTPS
B) HTTP
C) FTP
D) Telnet
Answer: A
44. MFA adds:
A) Extra authentication layer
B) Storage
C) Speed
D) Billing
Answer: A
45. AWS Config rules evaluate:
A) Resource compliance
B) Storage size
C) CPU
D) DNS
Answer: A
46. Best IAM practice for apps running on EC2:
A) Hardcoded credentials
B) IAM Role
C) Shared user
D) Root access
Answer: B
47. DDoS protection is enhanced by:
A) AWS Shield Advanced
B) IAM
C) S3
D) KMS
Answer: A
48. Encryption keys can be customer-managed in:
A) KMS
B) EC2
C) S3 only
D) IAM
Answer: A
49. CloudWatch alarms trigger based on:
A) Metrics
B) Storage
C) DNS
D) Policies
Answer: A
50. The most important AWS security best practice is:
A) Use root user daily
B) Enable MFA and least privilege
C) Share keys
D) Disable logging
Answer: B
Conclusion
Understanding the fundamentals of AWS security is essential for anyone working with cloud infrastructure. Through this basic quiz, we reviewed key security concepts such as identity and access management, data protection, network security, and monitoring tools within the Amazon Web Services ecosystem.
Services like AWS Identity and Access Management help control who can access resources, while Amazon CloudWatch and AWS CloudTrail enable monitoring and auditing of activities. Additionally, tools such as AWS Shield and AWS Key Management Service strengthen protection against attacks and secure sensitive data.
By testing your knowledge with quizzes like this, you reinforce important security principles and gain confidence in managing AWS environments safely. Cloud security is a shared responsibility, and continuous learning is key to staying ahead of evolving threats.
In summary, mastering AWS security basics not only helps protect cloud resources but also builds a strong foundation for advanced cloud security practices and certifications. Keep practicing, exploring AWS services, and staying updated with the latest security best practices.