AWS Interview Questions and Answer Part – 35

Cloud Trail delivers logs to which of the following?

  • S3 buckets and RedShift instances
  • S3 buckets and EC2 instances
  • S3 buckets and CloudWatch Logs groups (Ans)
  • S3 buckets and RDS instances

In a policy, a resource is:

  • A role
  • An AWS object (Ans)
  • a network object
  • An IAM object

Policies are written in:

  • JSON (Ans)
  • SOAPjr
  • HTML
  • XML

Rolling back a policy to a previous version is accomplished by which of the following methods?

  • Setting the default version of the policy (Ans)
  • Deleting the later version of a policy to get to the desired version
  • Selecting the rollback action under policies

The best tool to identify excess permissions and inactive accounts is:

  • Amazon Inspector
  • Credential Report
  • Cloud Trail
  • Access Advisor (Ans)
  • Trusted Advisor

Roles can be used with federated users from all of the following except:

  • Google
  • Active Directory
  • (Ans)
  • Facebook

Roles can be delegated to IAM users only if:

  • A trust has been established betwen the role creator and the user creator
  • A trust has been established to another AWS account (Ans)
  • They are federated with Active Directory users

Auditing answers all of the following questions except which one?

  • Who
  • How (Ans)
  • What
  • Where
  • When

Customer Managed policies are best for which of the following situations?

  • Those who need granularity and control over specific privileges (Ans)
  • Those wanting a simple policy experience
  • Those who are new to AWS policies

Which of the following policy types is deleted when the associated object is deleted?

  • AWS Managed Policies
  • Customer Managed Policies
  • System Managed Policies
  • Inline Policies (Ans)

When multiple statements exist in a single policy or multiple policies are applied to a single object, the policies are:

  • ORed (Ans)
  • Ignored as only one statement per policy or policy per object is allowed
  • ANDed
  • XORed

To revert to a previous version if a policy, you select which option?

  • Revert to policy
  • Set as active policy
  • Set as default (Ans)

IAM Roles can be assumed by:

  • Applications
  • IAM Users (Ans)
  • IAM Groups

IAM roles can be assumed by users in other accounts.

  • False
  • True (Ans)

The least expensive way to store cloud trail data for long periods of time is:

  • Archiving all data to Glacier
  • S3 Reduced Redundancy Storage
  • S3 Lifecycle policies in conjunction with Glacier (Ans)
  • S3 Infrequent Access

Which type of policies are used with roles to provide access to AWS resources?

  • Trust and Permission (Ans)
  • Account and Permission
  • Account and Access
  • Trust and Access

The best tool to identify potential compliance violations is:

  • Trusted Advisor
  • Cloud Trail
  • Credential Report
  • Access Advisor
  • Amazon Inspector (Ans)

Auditing can be used to look for cost savings.

  • False
  • True (Ans)

IAM Policies contant all of the following components except:

  • Resource
  • Effect
  • Action
  • Condition
  • Result (Ans)

If versioning of policies and the ability to revert to a previous version are required, select the _ policy type.

  • Inline
  • Customer Managed (Ans)
  • Version-enabled
  • AWS Managed

Cloud Trail is enabled on a _ basis.

  • Object
  • Region (Ans)
  • Availability Zone

When policies are evaluated, the precedence in permissions is:

  • Least Restricitive
  • Explicit Deny, Explicit Allow, Implicit Deny (Ans)
  • Explicit Allow, Explicit Deny, Implicit Deny
  • Most Restricitive

Cloud Trail data can be encrypted.

  • False
  • True (Ans)

IAM roles can be assigned to EC2 servers to provide access to AWS resources for applications running on that server.

  • False
  • True (Ans)

Cloud Trail audits which of these?

  • API Access
  • Neither of these
  • Both of these (Ans)
  • Console Access

Manged policies exist as stand-alone objects that can be associated with multiple IAM objects.

  • False
  • True (Ans)

The AWS security best practice for applications requiring access to AWS resources is to:

  • Embed Access Keys and Secret keys within those applications
  • Prompt the user for an IAM user name and password when access is needed
  • Assign roles to applications
  • Assign roles to EC2 servers running those applications (Ans)
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)