AWS Interview Questions and Answer Part – 32

The best tool to identify excess access keys and passwords that have NOT been rotated recently is:

• Cloud Trail
• Trusted Advisor
• Amazon Inspector
• Access Advisor
• Credential Report (Ans)

Which of the following AWS Directory Service offerings does not support transferring FSMO roles:

• AD Redirector
• AD Connector
• LDAP
• Simple AD (Ans)
• Enterprise AD

Which of the following is NOT part of Amazon’s responsibility?

• Availability Zones
• Edge locations
• Regions
• Network Security (Ans)

Which of the following is NOT an MFA option for IAM users?

• Google Authenticator
• Biometric (Ans)
• Hardware token (FOB)
• SMS (text)
• Windows Authenticator

Which of the following CANNOT have a role assigned to it?

• Federated User
• EC2 instance
• Web Service
• IAM Group (Ans)
• IAM User

Which of the following is NOT a type of policy?

• Inline Policy
• AWS Managed Policy
• Customer Managed Policy
• System Managed Policy (Ans)

The common parameters passed to AWS to grant federated access regardless of which API include all of the following except:

• Role name
• Duration for which the credentials are valid
• SAML Token (Ans)

Which of the following is NOT a reason to use multiple AWS accounts?

• Control access to different workloads by different administrators
• Reduce the potential damage after a security breach
• Control network security (Ans)
• Store auditing and backup data for safe keeping and restricted access

Which of the following is much more difficult when multiple accounts are used?

• Visibility of what money is spent on across accounts
• Maximum volume discounts (they are determined per account)
• Security consistency across accounts (Ans)

CloudTrail can save auditing information to:

• An S3 bucket per account
• An S3 bucket per region
• An S3 bucket for all accounts owned (Ans)

Which of the following identity sources is NOT supported with AWS?

• Twitter (Ans)
• Google
• Amazon
• Facebook

Which of the following uses a Rules Package to determine what gets reported?

• Amazon Inspector
• Access Advisor
• Cloud Trail
• Trusted Advisor
• Credential Report (Ans)

IAM Groups should be used to group:

• IAM Users (Ans)
• IAM Roles
• IAM Policies

IAM roles can be used for which of the following?

• Both of these (Ans)
• Neither of these
• Providing applications on EC2 servers access to AWS resources
• Identity Federation

Which of the following is NOT a VPC prerequisite when using AWS Directory Services?

• Two subnets in two availability zones
• Default hardware tenancy
• Two subnets in two regions (Ans)

When an object is deleted, which of the following policy type(s) is/are also deleted with it?

• Customer Managed
• AWS Managed
• None of these – policies must always be deleted separately from objects using them.
• Inline (Ans)
• All of these – all policies are automatically deleted.

The root user account looks like which of the following?

• A user name
• An account number
• A domain user name
• An email address (Ans)

You can require Multi Factor Authentication (MFA) be used with roles.

• Yes (Ans)
• No

To configure access across accounts for users, which of the following actions should be used?

• Create a duplicate user account in each AWS account for the administrator to use.
• Federate users and authenticate to a third party or on-premises directory.
• Create a role in each other AWS account, assign the correct permissions for that account, and allow the appropriate IAM users access to it. (Ans)
• Put IAM users from each of the accounts in the IAM group(s) in the accounts to which they need access.

The root account should be used for which of the following?

• Day-to-day administration
• Creating IAM users
• Initial setup and billing (Ans)

IAM users, groups, and roles cost how much per month?

• Pennies per thousand objects
• Nothingthey are free. (Ans)
• Pennies per hundred objects
• Pennies per ten thousand objects

«

Prev

1

/

1

Next

»

AWS Solution Architect Certification Tutorials EC2 (Session-1) — By DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-2) — By DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-3) — By DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-4) — By DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-5) — By DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-6) — by DevOpsSchool

AWS Solution Architect Certification Tutorials EC2 (Session-7) — by DevOpsSchool

«

Prev

1

/

1

Next

»

• Author
• Recent Posts

Follow me

Rajesh Kumar

Mentor for DevOps - DevSecOps - SRE - Cloud - Container & Micorservices at Software AG

Join my following certification courses...
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/

My Linkedin - https://www.linkedin.com/in/rajeshkumarin

Follow me

Latest posts by Rajesh Kumar (see all)

• Apache Lucene Query Example - April 8, 2024
• Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI) - April 7, 2024
• What is Multi-cluster Ingress (MCI) - April 7, 2024