













ALBERTA CLOUD SECURITY ARCHITECT PRACTICE EXAM QUESTIONS AND CORRECT ANSWER (VERIFIED ANSWERS) PLUS RATIONALE 2026 Q&A|INSTANT DOWNLOAD PDF
Typology: Exams














1. What is the primary purpose of IAM in cloud environments?
A. Data encryption
B. Identity and access control
C. Network routing
D. Load balancing
Answer: B
Rationale: IAM (Identity and Access Management) controls authentication and authorization of users and services.

2. Which principle ensures users only get permissions necessary for their job?
A. Least privilege
B. Zero trust
C. Defense in depth
D. Fail secure
Answer: A
Rationale: Least privilege minimizes attack surface by restricting unnecessary access.

3. What does MFA primarily improve?
A. Data availability
B. Authentication strength
C. Storage redundancy
D. Network speed
Answer: B
Rationale: Multi-factor authentication adds additional identity verification layers.

4. Which service is commonly used for key management in the cloud?
A. DNS
B. KMS
C. CDN
D. IAM role
Answer: B
Rationale: Key Management Service securely manages cryptographic keys.

5. What encryption type protects data in transit?
A. AES-256 at rest
B. TLS/SSL
C. SHA hashing
D. Tokenization
Answer: B
Rationale: TLS/SSL encrypts data while it moves across networks.

6. What is a VPC?
A. Virtual Private Cloud
B. Verified Public Controller
C. Virtual Public Cluster
D. Variable Private Container
Answer: A
Rationale: A VPC is an isolated cloud network environment.

7. What is a security group?
A. Physical firewall
B. Instance-level virtual firewall
C. DNS filter
D. Storage encryption tool
Answer: B
Rationale: Security groups control inbound/outbound traffic at the instance level.

12. What is the role of SIEM?
A. Encrypt data
B. Log aggregation and threat detection
C. DNS routing
D. Load balancing
Answer: B
Rationale: SIEM collects and analyzes security logs.

13. Which attack exploits trust between services?
A. Phishing
B. SSRF
C. DDoS
D. Spoofing
Answer: B
Rationale: SSRF abuses server trust relationships.

14. What is container security focused on?
A. Disk fragmentation
B. Container runtime protection
C. CPU overclocking
D. DNS caching
Answer: B
Rationale: It secures container images and runtime environments.

15. What is encryption at rest?
A. Encrypting data in motion
B. Encrypting stored data
C. Encrypting CPU cache
D. Encrypting DNS
Answer: B
Rationale: Protects stored data from unauthorized access.

16. What is an IAM role used for?
A. Permanent user identity
B. Temporary permission delegation
C. Network routing
D. Database indexing
Answer: B
Rationale: IAM roles provide temporary access permissions.

17. What is DDoS?
A. Data deletion attack
B. Distributed denial of service
C. Database disruption system
D. Direct data operation system
Answer: B
Rationale: DDoS floods systems to make them unavailable.

18. What is hashing used for?
A. Encryption
B. Data integrity verification
C. Storage expansion
D. Load balancing
Answer: B
Rationale: Hashing ensures data has not been altered.

19. Which cloud model shares responsibility with the provider?
A. SaaS only
B. Shared responsibility model
C. On-prem only
D. Hybrid exclusion
Answer: B
Rationale: Security responsibilities are split between customer and provider.

24. What is a multi-tenancy risk?
A. Faster processing
B. Data isolation failure
C. Better scaling
D. Lower cost
Answer: B
Rationale: Multiple tenants sharing infrastructure may leak data.

25. What does a VPN provide?
A. Data encryption in storage
B. Secure network tunnel
C. DNS routing
D. Load balancing
Answer: B
Rationale: VPN creates encrypted communication tunnels.

26. What is the least secure configuration?
A. MFA enabled
B. Open S3 bucket
C. IAM roles
D. Firewall enabled
Answer: B
Rationale: Open storage buckets expose data publicly.

27. What is cloud governance?
A. CPU scheduling
B. Policy and compliance control
C. Network routing
D. File storage
Answer: B
Rationale: Governance ensures compliance and policy enforcement.

28. What is encryption key rotation?
A. Deleting keys
B. Regularly changing keys
C. Sharing keys
D. Hardcoding keys
Answer: B
Rationale: Improves cryptographic security over time.

29. What is container image scanning?
A. CPU monitoring
B. Detecting vulnerabilities in images
C. DNS mapping
D. API logging
Answer: B
Rationale: Scans container images for security issues.

30. What is phishing?
A. Network overload
B. Social engineering attack
C. Data encryption
D. API misuse
Answer: B
Rationale: Tricks users into revealing credentials.

31. What does IDS stand for in cloud security architecture?
A. Internet Defense System
B. Intrusion Detection System
C. Internal Data Scanner
D. Integrated Deployment Service
Answer: B
Rationale: IDS monitors network/system activity and detects suspicious or malicious behavior without actively blocking it.

32. What is the primary function of an IPS?

36. What is a bastion host?
A. A public database server
B. A secure entry point to private cloud networks
C. A storage encryption tool
D. A DNS load balancer
Answer: B
Rationale: A bastion host provides controlled administrative access to private systems.

37. What does SSO provide?
A. Separate logins for each service
B. Single authentication for multiple systems
C. Network encryption
D. Data backup automation
Answer: B
Rationale: Single Sign-On allows users to authenticate once and access multiple applications.

38. What is IAM federation?
A. Internal user creation
B. Linking external identity providers to cloud systems
C. Encrypting IAM policies
D. Creating firewall rules
Answer: B
Rationale: Federation allows external identity systems (like Google or AD) to authenticate users.

39. What is data exfiltration?
A. Data compression
B. Unauthorized transfer of data out of a system
C. Data encryption
D. Backup replication
Answer: B
Rationale: Exfiltration is the unauthorized movement of data outside a secured boundary.

40. What is cloud drift?
A. Hardware failure in cloud
B. Configuration changes over time away from baseline
C. Network packet loss
D. User authentication failure
Answer: B
Rationale: Drift occurs when system configurations deviate from approved security baselines.

41. What is patch management?
A. Monitoring user behavior
B. Applying updates to fix vulnerabilities
C. Encrypting backups
D. Managing IAM roles
Answer: B
Rationale: Patch management ensures systems are updated against known vulnerabilities.

42. Which is a symmetric encryption algorithm?
A. RSA
B. ECC
C. AES
D. SHA-1
Answer: C
Rationale: AES uses the same key for encryption and decryption, making it symmetric.

43. What is SHA-256 used for?
A. Encrypting files
B. Generating hashes for integrity verification
C. Managing users
D. Compressing images
Answer: B
Rationale: SHA-256 produces a fixed-length hash to verify data integrity.

48. What is a security baseline?
A. Maximum system performance level
B. Minimum required security configuration standards
C. Backup strategy
D. Network topology
Answer: B
Rationale: A baseline defines mandatory security settings for systems.

49. What is IAM credential leakage risk?
A. Improved performance
B. Unauthorized access to cloud resources
C. Faster authentication
D. Better logging
Answer: B
Rationale: Exposed credentials can allow attackers to access systems illegitimately.

50. What is a metadata service attack?
A. CPU overload attack
B. Exploiting cloud instance metadata to steal credentials
C. DNS poisoning
D. Network segmentation
Answer: B
Rationale: Attackers target cloud metadata services to retrieve sensitive instance credentials.

51. What is ransomware?
A. Data compression tool
B. Malware that encrypts data for ransom
C. Firewall system
D. Backup system
Answer: B
Rationale: Ransomware locks data until payment is made.

52. What is the purpose of backups?
A. Improve CPU usage
B. Restore data after loss or attack
C. Encrypt network traffic
D. Manage users
Answer: B
Rationale: Backups ensure data recovery in case of failure or attack.

53. What is high availability?
A. Single server deployment
B. System design ensuring minimal downtime
C. Offline processing
D. Manual scaling
Answer: B
Rationale: High availability systems remain operational despite failures.

54. What is fault tolerance?
A. System failure prevention only
B. System continues functioning during failures
C. User authentication
D. Data encryption
Answer: B
Rationale: Fault-tolerant systems continue operating even when components fail.

55. What is an encryption boundary?
A. Physical server location
B. Scope where encryption is applied
C. Network speed limit
D. API endpoint
Answer: B
Rationale: Defines where data is encrypted and decrypted in a system.

60. What is GDPR?
A. Cloud storage protocol
B. European data privacy regulation
C. Encryption method
D. Firewall system
Answer: B
Rationale: GDPR regulates personal data protection in the EU.

61. What is key escrow?
A. Deleting encryption keys
B. Secure storage of cryptographic keys for recovery
C. Network routing method
D. Backup system
Answer: B
Rationale: Allows recovery of encryption keys under controlled conditions.

62. What is cloud monitoring?
A. Encrypting logs
B. Tracking system performance and security events
C. User authentication
D. DNS management
Answer: B
Rationale: Monitoring detects performance and security anomalies.

63. What is API authentication?
A. Encrypting databases
B. Verifying identity of API callers
C. Compressing traffic
D. Firewall configuration
Answer: B
Rationale: Ensures only authorized users access APIs.

64. What is mutual TLS?
A. One-way encryption
B. Both client and server authenticate each other
C. Database encryption
D. File compression
Answer: B
Rationale: Ensures bidirectional authentication for secure communication.

65. What is Secure SDLC?
A. Development without testing
B. Software development lifecycle with integrated security
C. Network routing system
D. Backup process
Answer: B
Rationale: Security is embedded throughout software development stages.

66. What is workload isolation?
A. Sharing CPU across tenants
B. Separating applications to prevent interference
C. DNS caching
D. File compression
Answer: B
Rationale: Prevents cross-application compromise.

67. What is cloud-native security?
A. On-premise security only
B. Security designed for cloud environments
C. Manual security updates
D. Hardware encryption only
Answer: B
Rationale: Built specifically for distributed cloud systems.

72. What is secrets management?
A. User authentication logs
B. Secure storage of credentials and keys
C. Network routing
D. Data compression
Answer: B
Rationale: Prevents exposure of sensitive credentials.

73. What is encryption overhead?
A. Storage cost
B. Performance impact of encryption operations
C. Network speed
D. Backup size
Answer: B
Rationale: Encryption requires computational resources.

74. What is a segmentation benefit?
A. Increased attack surface
B. Reduced lateral movement of attackers
C. Faster DNS
D. More storage
Answer: B
Rationale: Limits spread of attacks across systems.

75. What is data sovereignty?
A. Data ownership by cloud provider
B. Data governed by laws of its physical location
C. Data compression method
D. Network protocol
Answer: B
Rationale: Legal jurisdiction determines data handling rules.

76. What is endpoint security?
A. Cloud storage encryption
B. Protection of user devices like laptops and phones
C. Database management
D. DNS routing
Answer: B
Rationale: Secures devices accessing cloud systems.

77. What is threat intelligence?
A. System backup
B. Collection and analysis of attack data
C. File storage
D. Load balancing
Answer: B
Rationale: Helps predict and prevent attacks.

78. What is anomaly detection?
A. Data encryption
B. Identifying unusual system behavior
C. User authentication
D. DNS configuration
Answer: B
Rationale: Detects potential security breaches.

79. What is API abuse?
A. Proper API usage
B. Unauthorized or malicious use of APIs
C. Data encryption
D. Backup restoration
Answer: B
Rationale: Misuse of APIs can lead to data exposure or system compromise.