Cloud Trail delivers logs to which of the following?
- S3 buckets and RedShift instances
- S3 buckets and EC2 instances
- S3 buckets and CloudWatch Logs groups (Ans)
- S3 buckets and RDS instances
In a policy, a resource is:
- A role
- An AWS object (Ans)
- a network object
- An IAM object
Policies are written in:
- JSON (Ans)
- SOAPjr
- HTML
- XML
Rolling back a policy to a previous version is accomplished by which of the following methods?
- Setting the default version of the policy (Ans)
- Deleting the later version of a policy to get to the desired version
- Selecting the rollback action under policies
The best tool to identify excess permissions and inactive accounts is:
- Amazon Inspector
- Credential Report
- Cloud Trail
- Access Advisor (Ans)
- Trusted Advisor
Roles can be used with federated users from all of the following except:
- Active Directory
- Salesforce.com (Ans)
Roles can be delegated to IAM users only if:
- A trust has been established betwen the role creator and the user creator
- A trust has been established to another AWS account (Ans)
- They are federated with Active Directory users
Auditing answers all of the following questions except which one?
- Who
- How (Ans)
- What
- Where
- When
Customer Managed policies are best for which of the following situations?
- Those who need granularity and control over specific privileges (Ans)
- Those wanting a simple policy experience
- Those who are new to AWS policies
Which of the following policy types is deleted when the associated object is deleted?
- AWS Managed Policies
- Customer Managed Policies
- System Managed Policies
- Inline Policies (Ans)
When multiple statements exist in a single policy or multiple policies are applied to a single object, the policies are:
- ORed (Ans)
- Ignored as only one statement per policy or policy per object is allowed
- ANDed
- XORed
To revert to a previous version if a policy, you select which option?
- Revert to policy
- Set as active policy
- Set as default (Ans)
IAM Roles can be assumed by:
- Applications
- IAM Users (Ans)
- IAM Groups
IAM roles can be assumed by users in other accounts.
- False
- True (Ans)
The least expensive way to store cloud trail data for long periods of time is:
- Archiving all data to Glacier
- S3 Reduced Redundancy Storage
- S3 Lifecycle policies in conjunction with Glacier (Ans)
- S3 Infrequent Access
Which type of policies are used with roles to provide access to AWS resources?
- Trust and Permission (Ans)
- Account and Permission
- Account and Access
- Trust and Access
The best tool to identify potential compliance violations is:
- Trusted Advisor
- Cloud Trail
- Credential Report
- Access Advisor
- Amazon Inspector (Ans)
Auditing can be used to look for cost savings.
- False
- True (Ans)
IAM Policies contant all of the following components except:
- Resource
- Effect
- Action
- Condition
- Result (Ans)
If versioning of policies and the ability to revert to a previous version are required, select the _ policy type.
- Inline
- Customer Managed (Ans)
- Version-enabled
- AWS Managed
Cloud Trail is enabled on a _ basis.
- Object
- Region (Ans)
- Availability Zone
When policies are evaluated, the precedence in permissions is:
- Least Restricitive
- Explicit Deny, Explicit Allow, Implicit Deny (Ans)
- Explicit Allow, Explicit Deny, Implicit Deny
- Most Restricitive
Cloud Trail data can be encrypted.
- False
- True (Ans)
IAM roles can be assigned to EC2 servers to provide access to AWS resources for applications running on that server.
- False
- True (Ans)
Cloud Trail audits which of these?
- API Access
- Neither of these
- Both of these (Ans)
- Console Access
Manged policies exist as stand-alone objects that can be associated with multiple IAM objects.
- False
- True (Ans)
The AWS security best practice for applications requiring access to AWS resources is to:
- Embed Access Keys and Secret keys within those applications
- Prompt the user for an IAM user name and password when access is needed
- Assign roles to applications
- Assign roles to EC2 servers running those applications (Ans)
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
- Apache Lucene Query Example - April 8, 2024
- Google Cloud: Step by Step Tutorials for setting up Multi-cluster Ingress (MCI) - April 7, 2024
- What is Multi-cluster Ingress (MCI) - April 7, 2024
