AWS Interview Questions and Answers Part – 29

What security feature ensures no compromise of session keys during operation?

  • Perfect forward secrecy (Ans)
  • Sticky sessions
  • Server order preference
  • SSL offload

When EBS volumes are created, who has access?

  • All power users
  • The AWS account that created the volume (Ans)
  • All tenant administrators
  • By default any IAM user

What is the benefit of nesting IAM groups at AWS?

  • Nested groups override any default group listings.
  • Nested group members have easier access to more resources.
  • IAM groups can’t be nested. (Ans)
  • Allowing users to belong to multiple groups.

To control access to storage, what type of policy should be deployed?

  • In-line
  • Tag based
  • Resource-based (Ans)
  • Managed policy

What network component cannot be changed on an instance?

  • The default network interface (eth0) (Ans)
  • The MAC address
  • The public IPv4 address
  • The primary IPv4 address

What is the key feature of an elastic network interface?

  • Elastic network interfaces increase bandwidth and decrease latency.
  • Elastic network interfaces provide automatic failover.
  • Elastic network interfaces provide a static public IP address.
  • When an elastic network interface moves to a new instance, network traffic is redirected automatically. (Ans)

How can you effectively monitor your load balancer operation?

  • Deploying AWS Config
  • Creating health checks via Route 53
  • Reviewing CloudTrail reports
  • Using CloudWatch metrics (Ans)

When designing IAM goals for AWS deployments, access to resources should be granted based on what criteria?

  • Access granted based on least privilege (Ans)
  • Access granted based on administrative requirements
  • Access granted based on application types
  • Access granted based on corporate privileges currently deployed on site

What key component is required to access the AWS management console?

  • A valid password (Ans)
  • Install the AWS management console add-in
  • An identity and access management policy
  • An access key

When is IAM policy checked?

  • Every time access is requested (Ans)
  • Every 12 hours
  • On a need for access basis
  • Every 15 minutes

What two types of hosts are supported by the application load balancer?

  • Layer 7 Applications
  • Both instances and containers (Ans)
  • IAM groups and target groups
  • Both Linux and Windows instances

What is the definition of a VPC at AWS?

  • Isolated network within the AWS cloud (Ans)
  • Flat virtual network shared by all AWS customers
  • Software defined network with predefined address ranges
  • Software defined network hosted by a single availability zone

What key cloud feature does Route 53 integrate with at AWS?

  • Elastic load balancers
  • CloudWatch
  • Health checks (Ans)
  • CloudTrail

By default, how do subnets handle routing requests within a VPC?

  • Subnets within the VPC can route to each other. (Ans)
  • Custom route tables must be created from private and public routes.
  • Custom route tables must be created for all private routes.
  • Route tables are automatically created based on IP address range selected.

How do federated users gain access to AWS resources?

  • Long-term security credentials assigned to the user secret access key.
  • Permissions are attached to the IAM user or group associated with the corporate user.
  • Permissions are defined for federated users using IAM roles. (Ans)
  • Short-term security credentials assigned to the user secret access key.

What network levels can the classic ELB function up to?

  • Level 4 (Ans)
  • All network levels
  • Level 7
  • Only the application level

What is the key feature of an elastic IP address?

  • The assigned static IP address can be moved from one location to another. (Ans)
  • Elastic network addresses can be either public or private addresses.
  • The static IP address is linked to your account.
  • Can be assigned to multiple network locations at the same time.

How do you disable your root account at AWS?

  • You can’t disable your account. (Ans)
  • Set up detailed billing policies.
  • SMS Multifactor authentication
  • IAM policies

What type of networks can the classic ELB operate on?

  • On site to site VPNs only
  • Both public and private networks up to Layer 4 (Ans)
  • Only public networks up to Layer 4
  • Only private networks up to Layer 4

What is the distinctive difference between dedicated instances and dedicated hosts?

  • Single tenancy
  • Full access to the CPU cores (Ans)
  • Full access to the hardware resource
  • Physical hardware isolation
Rajesh Kumar