Aws Certification Flashcards
A new employee has just started work, and it is your job to give her administrator access to the AWS console. You have given her a user name, an access key ID, a secret access key, and you have generated a password for her. She is now able to log in to the AWS console, but she is unable to interact with any AWS services. What should you do next?
Grant her Administrator access by adding her to the Administrators' group.
What is the default level of access a newly created IAM User is granted?
No access to any AWS services.
You are a solutions architect working for a large engineering company who are moving from a legacy infrastructure to AWS. You have configured the company's first AWS account and you have set up IAM. Your company is based in Andorra, but there will be a small subsidiary operating out of South Korea, so that office will need its own AWS environment. Which of the following statements is true?
You will need to configure Users and Policy Documents only once, as these are applied globally.
Which statement best describes IAM?
IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.
You have created a new AWS account for your company, and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account.
Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.
Which of the following is not a component of IAM?
Organizational Units
What is an additional way to secure the AWS accounts of both the root account and new users alike?
Implement Multi-Factor Authentication for all accounts.
You have a client who is considering a move to AWS. In establishing a new account, what is the first thing the company should do?
Set up an account using their company email address.
What level of access does the "root" account have?
Administrator Access
When you create a new user, that user ________.
Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs.
Which of the following is not a feature of IAM?
IAM allows you to setup biometric authentication, so that no passwords are required.
You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator, and she will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are, and you have provided the new user with their secret access key and their access key id. However, when she tries to log in to the AWS console, she cannot. Why might that be?
You cannot log in to the AWS console using the Access Key ID / Secret Access Key pair. Instead, you must generate a password for the user, and supply the user with this password and your organization's unique AWS console login URL.
Power User Access allows ________.
Access to all AWS services except the management of groups and users within IAM.
You are a developer at a fast growing start up. Until now, you have used the root account to log in to the AWS console. However, as you have taken on more staff, you will now need to stop sharing the root account to prevent accidental damage to your AWS infrastructure. What should you do so that everyone can access the AWS resources they need to do their jobs? (Select 2)
Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided. Create a customized sign in link such as "yourcompany.signin.aws.amazon.com/console" for your new users to use to sign in with.
What is an AWS region?
A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.
What is a VPC?
Virtual Private Cloud
You need to add new users to your AWS account and set password rotation policies for these new users. Which AWS service should you use to do so?
Identity Access Management (IAM)
What does an AWS Region consist of?
A distinct location within a geographic area designed to provide high availability to a specific geography.
Which of the following services connects an on-premise software appliance (or virtual machine) with cloud based storage?
Storage Gateway
Which AWS compute service is specifically designed to assist you in processing large data sets?
Elastic Map Reduce
Which AWS service is specifically designed to automatically provision the resources required to host the code a developer uploads during the Development process?
Elastic Beanstalk
Your digital media agency needs to convert its media files to formats that can be viewed on a variety of devices. Which AWS service should you use to meet this need?
Elastic Transcoder
Which AWS service is used for collating large amounts of data streamed from multiple sources?
Kinesis
Which statement best describes Availability Zones?
Distinct locations from within an AWS region that are engineered to be isolated from failures.
Which AWS service offers the following database engines: SQL, MySQL, MariaDB, PostgreSQL, Aurora, and Oracle?
Relational Database Service (RDS)
An AWS VPC is a component of which group of AWS services?
Networking Services
What is the fundamental difference between Elastic Beanstalk & CloudFormation?
Elastic Beanstalk automatically handles the deployment of your code -- from capacity provisioning, load balancing, auto-scaling to application health monitoring -- based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.
S3 has what consistency model for PUTS of new objects
Read After Write Consistency
What is AWS Storage Gateway?
It's an on-premise virtual appliance that can be used to cache S3 locally at a customers site.
You have been asked by your company to create an S3 bucket with the name "acloudguru1234" in the EU West region. What would be the URL for this bucket?
https://s3-eu-west-1.amazonaws.com/acloudguru1234
You run a popular photo sharing website that depends on S3 to store content. Paid advertising is your primary source of revenue. However, you have discovered that other websites are linking directly to the images in your buckets, not to the HTML pages that serve the content. This means that people are not seeing the paid advertising, and you are paying AWS unnecessarily to serve content directly from S3. How might you resolve this issue?
Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.
What is Amazon Glacier?
An AWS service designed for long term data archival.
What does S3 stand for?
Simple Storage Service
One of your users is trying to upload a 7.5GB file to S3. However, they keep getting the following error message: "Your proposed upload exceeds the maximum allowed object size.". What solution to this problem does AWS recommend?
Design your application to use the Multipart Upload API for all objects.
S3 has eventual consistency for which HTTP Methods?
overwrite PUTS and DELETES
What does RRS stand for when talking about S3?
Reduced Redundancy Storage
You are a solutions architect who works with a large digital media company. The company has decided that they want to operate within the Japanese region and they need a bucket called "testbucket" set up immediately to test their web application on. You log in to the AWS console and try to create this bucket in the Japanese region however you are told that the bucket name is already taken. What should you do to resolve this?
Bucketnames are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.
Which AWS CLI command should I use to create a snapshot of an EBS volume?
aws ec2 create-snapshot
Can an Amazon EBS root volume persist independently from the life of the EC2 instance to which it is attached? For example, if I terminated an EC2 instance, would that EBS root volume persist?
Only if I specify (using either the AWS Console or the CLI) that it should do so.
You have developed a new web application in the US-West-2 Region that requires six Amazon Elastic Compute Cloud (EC2) instances to be running at all times. US-West-2 comprises three Availability Zones (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance: should any single Availability Zone in us-west-2 become unavailable, the application must continue to run. How would you make sure 6 servers are ALWAYS available? NOTE: each answer has 2 possible deployment configurations. Select the answer that gives TWO satisfactory solutions to this scenario.
Solution 1: us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Solution 2: us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
EBS Snapshots are backed up to S3 in what manner?
Incrementally
The use of a placement group is ideal _______
Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.
Route53 is named so because________.
The DNS Port is on Port 53 and Route53 is a DNS Service.
True or False: There is a limit to the number of domain names that you can manage using Route 53.
True and False. With Route 53, there is a default limit of 50 domain names. However, this limit can be increased by contacting AWS support.
Amazon's Elasticache uses which two engines?
Redis & Memcached
What data transfer charge is incurred when replicating data from your primary RDS instance to your secondary RDS instance?
There is no charge associated with this action.
What happens to the I/O operations of an RDS instance during a database snapshot or backup?
I/O operations to the database are suspended for the duration of the snapshot if it is a single AZ RDS instance.
VPC stands for
Virtual Private Cloud
What is the difference between SNS and SQS?
SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue.
In SWF, what does a "domain" refer to?
A collection of related workflows
What happens when you create a topic on Amazon SNS?
An Amazon Resource Name is created.
What application service allows you to decouple your infrastructure using messaged based queues?
SQS
What does Amazon SES stand for?
Simple Email Service
What does Amazon SWF stand for?
Simple Work Flow
Amazon Corporate Segregation
Logically, the AWS Production network is segregated from the Amazon Corporate network by means of a complex set of network security / segregation devices.
IP Spoofing
The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own. These scans must be limited to your own instances and must not violate the AWS Acceptable Use Policy. You must request a vulnerability scan in advanced.
Trusted Advisor
Inspects your AWS environment and makes recommendations when opportunities may exist to save money, improve system performance, or close security gaps.
Instance Isolation
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.
Guest Operating System
Virtual instances are completely controlled by you, the customer. You have full root access or administrative control over accounts, services, and applications. AWS does not have any access rights to your instances or guest OS.
Firewall
Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny-all mode and Amazon EC2 customers must explicitly open the ports needed to allow inbound traffic.
Guest Operating System
AWS provides the ability to encrypt EBS volumes and their snapshots with AES-256. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage.
Elastic Load Balancing
SSL Termination on the load balance is supported. This allows you to identify the originating IP address of a client connecting to your servers, whether you're using HTTPS or TCP load balancing.
Direct Connect
Bypass internet service providers in your network path. You can procure rack space within the facility housing the AWS Direct Connect location and deploy your equipment nearby. Once deployed, you can connect this equipment to AWS Direct Connect using a cross-connect.
Risk
AWS management re-evaluates the strategic business plan at least biannually. AWS Security regularly scans all internet facing service endpoint IP addresses for vulnerabilities. In addition, external vulnerability threat assessments are performed regularly by independent security firms.