AWS Interview Questions and Answers Part – 34

Which of the following are you responsible for?

  • Networking
  • Data security (Ans)
  • Storage
  • Compute

The root account can be restricted by permissions.

  • False (Ans)
  • True

When a user is moved from one group to another group, what happens to their permissions?

  • They get the permissions from both groups if the groups are nested; if groups are not nested, they get permissions from the group into which they are moved.
  • They receive the permissions for the new group and lose the permissions of the original group. (Ans)
  • Users can’t be moved between groups.
  • Users can’t belong to groups.

To troubleshoot policy problems, use __.

  • Policy Simulator (Ans)
  • Policy Verifier
  • Policy Tester

Roles can be used by IAM users in different AWS accounts.

  • True (Ans)
  • False

To access the full set of Trusted Advisor capabilities, you must have:

  • Basic support or higher
  • Business support or higher (Ans)
  • Enterprise support or higher
  • Developer support or higher

Which of the following AWS Directory Service offerings supports LDAPS?

  • Enterprise AD (Ans)
  • Simple AD
  • LDAP
  • AD Connector
  • AD Redirector

Which of the following requires an agent in an EC2 instance to gather the data it reports on?

  • Amazon Inspector (Ans)
  • CloudTrail
  • Access Advisor
  • Credential Report
  • Trusted Advisor

Which of the following is NOT an available AWS Directory Service offering?

  • LDAP (Ans)
  • AD Connector
  • Simple AD

You have two applications in development by your internal software development team. Some developers are assigned to App A, some to App B, and a few to both. You also have some general permissions that you want to apply to all software developers. What is the simplest way to manage security while meeting the needs of each developer and the company?

  • Create three groups. Nest the App A and App B groups in the software group.
    Assign the developers’ IAM users to the appropriate App group based on the project they are working on. Assign permissions as required.
  • Create three groups. Place all the developers’ IAM users in the developer group and add them to their individual groups as needed. Assign permissions to each group as required. (Ans)
  • Groups are not used with IAM users. Assign the permissions required for each developer’s IAM user account directly.
  • Create two groups because users can only belong to one group at a time.
    Assign the developers’ IAM users to the appropriate groups and assign all the software developer permissions to both groups and then assign the individual app permissions to the two groups as required.

When an application needs access to another resource in AWS, such as a DynamoDB table or an S3 bucket, the best way to provide the needed credentials is to:

  • Enter the credentials directly in the application for an IAM user.
  • Enter the credentials directly in the application for an IAM role.
  • Make the resource publicly available so the application can access it.
  • Assign the EC2 instance a role that has the necessary permissions. (Ans)
  • Nothing, this is automatic in AWS.

Which policy type(s) can be associated with IAM users and IAM roles?

  • Inline
  • None of these – policies can’t be assigned to roles.
  • AWS Managed (Ans)
  • All of these
  • Customer Managed

Which of the following policy types can be versioned and rolled back if necessary?

  • System Managed Policy
  • Inline Policy
  • AWS Managed Policy
  • Customer Managed Policy (Ans)

Which of the following services is used to associate a role with a federated user?

  • Security Role Association Service (SRAS)
  • Federated Role Service (FRS)
  • Amazon Federation Service (AFS)
  • Security Token Service (STS) (Ans)

Which of the following is NOT part of a policy statement?

  • Conditions
  • What (Ans)
  • Where
  • Who
  • Effect

Access keys should NOT be…

  • assigned to roles.
  • hard coded in applications. (Ans)
  • rotated regularly.
  • assigned to users.

IAM users should be created for:

  • Groups of users based on role or project they are working on
  • Each user in the company
  • Each user that needs access to AWS resources (Ans)

To receive notifications of CloudTrail auditing data updates, use it in conjunction with which of these?

  • SNS (Ans)
  • SES
  • SQS
  • S3

Roles can be required to have users authenticated with MFA to be usable.

  • True (Ans)
  • False

An inline policy can be associated with multiple objects.

  • False (Ans)
  • True
Rajesh Kumar