# Module 4 Knowledge Check
1. In the shared responsibility model, AWS is responsible for providing what? (Select the best answer.)
  - [X] Security of the cloud
  - [ ] Security to the cloud
  - [ ] Security for the cloud
  - [ ] Security in the cloud

2. In the shared responsibility model, which of the following are examples of "security in the cloud"? (Choose two.)
  - [ ] Compliance with compute security standards and regulations
  - [ ] Physical security of the facilities in which the services operate
  - [X] Security group configurations
  - [X] Encryption of data at rest and data in transit
  - [ ] Protecting the global infrastructure

3. Which of the following is the responsibility of AWS under the AWS shared responsibility model? (Select the best answer.)
  - [ ] Configuring third-party applications
  - [X] Maintaining physical hardware
  - [ ] Security application access and data
  - [ ] Managing custom Amazon Machine Images (AMIs)

4. When creating an AWS Identity and Access Management (IAM) policy, what are the two types of access that can be granted to a user? (Choose two.)
  - [ ] Institutional access
  - [ ] Authorized access
  - [X] Programmatic access
  - [X] AWS Management Console access
  - [ ] Administrative root access

5. True or False? AWS Organizations enables you to consolidate multiple AWS accounts so that you centrally manage them.
  - [X] True
  - [ ] False

6. Which of the following are best practices to secure your account using AWS Identity and Access Management (IAM)? (Choose two.)
  - [ ] Provide users with default administrative privileges.
  - [ ] Leave unused and unnecessary users and credentials in place.
  - [X] Manage access to AWS resources.
  - [ ] Avoid using IAM groups to grant the same access permissions to multiple users.
  - [X] Define fine-grained access rights.

7. Which of the following should be done by the AWS account root user? (Select the best answer.)
  - [ ] Secure access for applications
  - [ ] Integrate with other AWS services
  - [ ] Change granular permissions
  - [X] Change the AWS support plan

8. After initial login, what does AWS recommend as the best practice for the AWS account root user? (Select the best answer.)
  - [ ] Delete the AWS account root user
  - [ ] Revoke all permissions on the AWS account root user
  - [ ] Restrict permission on the AWS account root user
  - [X] Delete the access keys of the AWS account root user

9. How would a system administrator add an additional layer of login security to a user's AWS Management Console? (Select the best answer.)
  - [ ] Use Amazon Cloud Directory
  - [ ] Audit AWS Identity and Access Management (IAM) roles
  - [X] Enable multi-factor authentication
  - [ ] Enable AWS CloudTrail

10. True or False? AWS Key Management Service (AWS KMS) enables you to assess, audit, and evaluate the configurations of your AWS resources.
  - [ ] True
  - [X] False