AWS

AWS Interview Questions and Answer Part – 31

January 18, 2020 comments off

What is the definition of a managed policy?

  • Custom policy controlled by the customer
  • Deployed by the customer
  • Created and maintained by AWS (Ans)
  • Policies applied to users and groups

What’s one difference between a network access control lists and a security group?

  • Security groups can span availability zones.
  • Security groups control subnet access, and network access control lists control instance access.
  • Security groups control instance access; network access control lists manage subnet access. (Ans)
  • Security groups are stateless; network access control lists are stateful.

How can Windows instances take advantage of paravirtualization services at AWS?

  • There is PV support for network and storage drivers. (Ans)
  • Select compute optimized instances when deploying Windows.
  • Upgrade Windows instances to Windows Server 2016 Datacenter.
  • Windows instances cannot take advantage of her paravirtualization.

How are Amazon EC2 key pairs used for Windows authentication?

  • Decryption of the user logon credentials
  • Decryption of the administrator password (Ans)
  • Encryption and decryption of logon information zip file
  • Decryption of the administrators secret key

What is the purpose of the AWS security token service with regard to federated users?

  • Security credentials are provided when requested by end-users.
  • Federated users are provided with temporary security credentials. (Ans)
  • Security credentials are provided for access to AWS resources.
  • To integrate AWS Active Directory services with customers corporate Active Directory services.

How can AWS customers confirm that identity and access management security controls are verifiable?

  • Reviewing the ISO 27001 audit
  • Reviewing the SOC-2 audit
  • Reviewing the SOC-3 audit (Ans)
  • Reviewing current IAM settings

IAM policy defines what key component?

  • Compliance and integrity
  • Integrity and encryption
  • Authorization and compliance
  • Authentication and authorization (Ans)

What IAM policy choices control root account authentication?

  • IAM group policy
  • IAM policies in general
  • Multifactor authentication (Ans)
  • IAM username policy

Which of these statements best describes AWS Lambda?

  • Datastream analysis
  • Workflow orchestration for multiple tasks
  • Serverless technology for running functions (Ans)

Which of these tools can assist with designing an environment stop/start process?

  • EC2 instances
  • Service dependency map (Ans)
  • API credentials

Which of these most accurately describes the AWS CLI?

  • Compiled executables written in C# that enable end users to access the AWS service API endpoints
  • A unified single command that interfaces between the end user and the various AWS service API endpoints (Ans)
  • Downloadable java libraries that can be run as executables to access the AWS service API endpoints

Which of these is a true statement when copying an object into an S3 bucket that is owned by another account?

  • Object ownership follows the account performing the copy or upload. (Ans)
  • Object ownership is irrelevant.
  • Object ACLs are more important than object ownership.
  • Object ownership follows the bucket.

Which of these credential locations will be tested first when using the AWS CLI?

  • Instance profile credentials
  • Config file
  • Environment variables (Ans)
  • Credentials file

Which service is used to directly generate instance profile credentials, which are visible via EC2 instance metadata?

  • EC2
  • EBS
  • KMS
  • STS (Ans)

Which command line option helps restrict the amount of output when using the CLI?

  • region
  • dry-run
  • filter (Ans)
  • output

Which of these tasks can be easily performed using the AWS Console?

  • Bulk ACL creation
  • Bucket creation (Ans)
  • Intra-bucket copies

What is the meaning of the statement “The service API is a contract with the customer”?

  • The API can only be changed if all customers agree first.
  • The API can only be added to or extended, not changed or reduced in functionality. (Ans)
  • The API is never changed after initial service release.

What are the steps involved in deleting an AMI?

  • Terminate AMI, delete snapshots
  • Delete AMI
  • Deregister AMI, delete snapshots (Ans)

What is the most appropriate AWS feature for sorting EC2 instances?

  • EC2 instance type
  • Subnet
  • Metadata tags (Ans)
  • Security groups

MFA should be used for:

  • Priviledged users
  • Every IAM user
  • The root account
  • Priviledged users and the root account (Ans)
  • Every IAM group
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)