If resources at AWS have been created by a no other account, what feature can be enabled to share access to resources?
- Cross Account Access (Ans)
- Creating additional accounts for access to the required resources
- Enabling consolidated billing
- IAM role policies
- Administrative IAM policies linked to required resources
Where can details be reviewed regarding user passwords?
- Review CloudWatch alerts
- Viewing the Credential Report (Ans)
- Through the properties of the users account
- Analysis of CloudTrail reports
What types of subnets can be chosen within your VPC?
- Public and hybrid subnets
- Private subnets
- Both public and private subnets can be created. (Ans)
- Hybrid subnets
In front of what does the Web Application Firewall sit?
- ALB and S3
- S3 and ALB
- EC2 and S3
- ALB and CF (Ans)
What is the benefit of deploying an in-line policy?
- If the principles deleted, the policy is still deployed.
- Maintain a strict one to one relationship between the policy and selected principal. (Ans)
- In-line policies are created for the customer by AWS.
- In-line policies can be deployed to multiple identities at the same time.
To access resources or users outside of AWS what must be attached to your subnet?
- Defined network access control lists
- Security groups
- Elastic IP addresses
- A gateway device (Ans)
What is the purpose of elastic load-balancing?
- Balancing the storage load on the elastic file system
- Balancing performance of Web servers
- Distribution of incoming traffic across multiple instances (Ans)
- Scaling instances up or down based on demand
What type of network must a dedicated instance be deployed on?
- In a VPC (Ans)
- Private only
- Public only
- In a Classic EC2 network
What is the secret access key used for at AWS?
- Authentication to the AWS console
- Access to resources through automation (Ans)
- Authentication using the CLI
- Developing using the SDK
When an EBS snapshot is shared, who can alter the original snapshot?
- Shared snapshots cannot be altered. (Ans)
- Only the root user of the account
- IAM policy defines access rules for snapshots.
- Any administrator account
What security tool should be used to create a second access key?
- Use the create-access-key command
- Run the Access Advisor
- Using CloudTrail reports
- The IAM Console (Ans)
Where is Route 53 located in the AWS ecosystem?
- Availability zone
- Edge location (Ans)
- Hybrid location
What types of permissions does and IAM policy control?
- Explicit disallow
- Implicit access
- Implicit disallow
- Explicit access
- Allow or deny (Ans)
What common LDAP service is used in federating corporate users to AWS?
- AWS directory services (Ans)
- Google authenticator
- Open ID
- SAML 2.0
What is AWS Shield?
- EC2 firewall
- Edge firewall
- A DDos protection service (Ans)
- Network layer protection
What happens if you find your instant size is inadequate for your needs?
- Use commandline tools to scale instance size up or down.
- Restore from backup to new instance type.
- Shut down the instance, change instance type, and restart the instance. (Ans)
- Instances must be rebuilt from scratch to change size.
What happens when storage and memory resources are discarded?
- Open a ticket with AWS support to clean discarded resources.
- Storage is automatically reset and memory is automatically scrubbed. (Ans)
- Storage is scrubbed, and memory is reset automatically.
- Both storage and memory resources are cleaned upon request only.
When authenticating against an EC2 Instance what IAM policies are required?
- Role-based policy
- Logging onto an EC2 instance is not controlled by IAM policy (Ans)
- Access-based policy
- Group-based policy
Name the four common elements in an IAM policy.
- Username, resources, principal, and actions
- Security principles, assigned actions, effect, and resources
- Resources, core effects, mandated actions, and principles
- Resources, actions, effect, and principal (Ans)