What security feature ensures no compromise of session keys during operation?
- Perfect forward secrecy (Ans)
- Sticky sessions
- Server order preference
- SSL offload
When EBS volumes are created, who has access?
- All power users
- The AWS account that created the volume (Ans)
- All tenant administrators
- By default any IAM user
What is the benefit of nesting IAM groups at AWS?
- Nested groups override any default group listings.
- Nested group members have easier access to more resources.
- IAM groups can’t be nested. (Ans)
- Allowing users to belong to multiple groups.
To control access to storage, what type of policy should be deployed?
- Tag based
- Resource-based (Ans)
- Managed policy
What network component cannot be changed on an instance?
- The default network interface (eth0) (Ans)
- The MAC address
- The public IPv4 address
- The primary IPv4 address
What is the key feature of an elastic network interface?
- Elastic network interfaces increase bandwidth and decrease latency.
- Elastic network interfaces provide automatic failover.
- Elastic network interfaces provide a static public IP address.
- When an elastic network interface moves to a new instance, network traffic is redirected automatically. (Ans)
How can you effectively monitor your load balancer operation?
- Deploying AWS Config
- Creating health checks via Route 53
- Reviewing CloudTrail reports
- Using CloudWatch metrics (Ans)
When designing IAM goals for AWS deployments, access to resources should be granted based on what criteria?
- Access granted based on least privilege (Ans)
- Access granted based on administrative requirements
- Access granted based on application types
- Access granted based on corporate privileges currently deployed on site
What key component is required to access the AWS Management Console?
- A valid password (Ans)
- Install the AWS Management Console add-in
- An identity and access management policy
- An access key
When is an IAM policy checked?
- Every time access is requested (Ans)
- Every 12 hours
- On a need for access basis
- Every 15 minutes
What two types of hosts are supported by the application load balancer?
- Layer 7 Applications
- Both instances and containers (Ans)
- IAM groups and target groups
- Both Linux and Windows instances
What is the definition of a VPC at AWS?
- Isolated network within the AWS cloud (Ans)
- Flat virtual network shared by all AWS customers
- Software defined network with predefined address ranges
- Software defined network hosted by a single availability zone
What key cloud feature does Route 53 integrate with at AWS?
- Elastic load balancers
- Health checks (Ans)
By default, how do subnets handle routing requests within a VPC?
- Subnets within the VPC can route to each other. (Ans)
- Custom route tables must be created for private and public routes.
- Custom route tables must be created for all private routes.
- Route tables are automatically created based on IP address range selected.
How do federated users gain access to AWS resources?
- Long-term security credentials assigned to the user secret access key.
- Permissions are attached to the IAM user or group associated with the corporate user.
- Permissions are defined for federated users using IAM roles. (Ans)
- Short-term security credentials assigned to the user secret access key.
What network levels can the classic ELB function up to?
- Level 4 (Ans)
- All network levels
- Level 7
- Only the application level
What is the key feature of an elastic IP address?
- The assigned static IP address can be moved from one location to another. (Ans)
- Elastic network addresses can be either public or private addresses.
- The static IP address is linked to your account.
- Can be assigned to multiple network locations at the same time.
How do you disable your root account at AWS?
- You can’t disable your account. (Ans)
- Set up detailed billing policies.
- SMS Multifactor authentication
- IAM policies
What type of networks can the classic ELB operate on?
- On site-to-site VPNs only
- Both public and private networks up to Layer 4 (Ans)
- Only public networks up to Layer 4
- Only private networks up to Layer 4
What is the distinctive difference between dedicated instances and dedicated hosts?
- Single tenancy
- Full access to the CPU cores (Ans)
- Full access to the hardware resource
- Physical hardware isolation