What is the definition of a managed policy?
- Custom policy controlled by the customer
- Deployed by the customer
- Created and maintained by AWS (Ans)
- Policies applied to users and groups
What’s one difference between a network access control lists and a security group?
- Security groups can span availability zones.
- Security groups control subnet access, and network access control lists control instance access.
- Security groups control instance access; network access control lists manage subnet access. (Ans)
- Security groups are stateless; network access control lists are stateful.
How can Windows instances take advantage of paravirtualization services at AWS?
- There is PV support for network and storage drivers. (Ans)
- Select compute optimized instances when deploying Windows.
- Upgrade Windows instances to Windows Server 2016 Datacenter.
- Windows instances cannot take advantage of her paravirtualization.
How are Amazon EC2 key pairs used for Windows authentication?
- Decryption of the user logon credentials
- Decryption of the administrator password (Ans)
- Encryption and decryption of logon information zip file
- Decryption of the administrators secret key
What is the purpose of the AWS security token service with regard to federated users?
- Security credentials are provided when requested by end-users.
- Federated users are provided with temporary security credentials. (Ans)
- Security credentials are provided for access to AWS resources.
- To integrate AWS Active Directory services with customers corporate Active Directory services.
How can AWS customers confirm that identity and access management security controls are verifiable?
- Reviewing the ISO 27001 audit
- Reviewing the SOC-2 audit
- Reviewing the SOC-3 audit (Ans)
- Reviewing current IAM settings
IAM policy defines what key component?
- Compliance and integrity
- Integrity and encryption
- Authorization and compliance
- Authentication and authorization (Ans)
What IAM policy choices control root account authentication?
- IAM group policy
- IAM policies in general
- Multifactor authentication (Ans)
- IAM username policy
Which of these statements best describes AWS Lambda?
- Datastream analysis
- Workflow orchestration for multiple tasks
- Serverless technology for running functions (Ans)
Which of these tools can assist with designing an environment stop/start process?
- EC2 instances
- Service dependency map (Ans)
- API credentials
Which of these most accurately describes the AWS CLI?
- Compiled executables written in C# that enable end users to access the AWS service API endpoints
- A unified single command that interfaces between the end user and the various AWS service API endpoints (Ans)
- Downloadable java libraries that can be run as executables to access the AWS service API endpoints
Which of these is a true statement when copying an object into an S3 bucket that is owned by another account?
- Object ownership follows the account performing the copy or upload. (Ans)
- Object ownership is irrelevant.
- Object ACLs are more important than object ownership.
- Object ownership follows the bucket.
Which of these credential locations will be tested first when using the AWS CLI?
- Instance profile credentials
- Config file
- Environment variables (Ans)
- Credentials file
Which service is used to directly generate instance profile credentials, which are visible via EC2 instance metadata?
- STS (Ans)
Which command line option helps restrict the amount of output when using the CLI?
- filter (Ans)
Which of these tasks can be easily performed using the AWS Console?
- Bulk ACL creation
- Bucket creation (Ans)
- Intra-bucket copies
What is the meaning of the statement “The service API is a contract with the customer”?
- The API can only be changed if all customers agree first.
- The API can only be added to or extended, not changed or reduced in functionality. (Ans)
- The API is never changed after initial service release.
What are the steps involved in deleting an AMI?
- Terminate AMI, delete snapshots
- Delete AMI
- Deregister AMI, delete snapshots (Ans)
What is the most appropriate AWS feature for sorting EC2 instances?
- EC2 instance type
- Metadata tags (Ans)
- Security groups
MFA should be used for:
- Priviledged users
- Every IAM user
- The root account
- Priviledged users and the root account (Ans)
- Every IAM group