{"id":8983,"date":"2020-01-18T06:41:40","date_gmt":"2020-01-18T06:41:40","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8983"},"modified":"2021-11-13T10:27:37","modified_gmt":"2021-11-13T10:27:37","slug":"aws-interview-questions-and-answer-part-30","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-interview-questions-and-answer-part-30\/","title":{"rendered":"AWS Interview Questions and Answer Part \u2013 30"},"content":{"rendered":"\n<p><strong>If resources at AWS have been created by a no other account, what feature can be enabled to share access to resources?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Cross Account Access (Ans)<\/strong><\/li><li>Creating additional accounts for access to the required resources<\/li><li>Enabling consolidated billing<\/li><li>IAM role policies<\/li><li>Administrative IAM policies linked to required resources<\/li><\/ul>\n\n\n\n<p><strong>Where can details be reviewed regarding user passwords?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Review CloudWatch alerts<\/li><li><strong>Viewing the Credential Report (Ans)<\/strong><\/li><li>Through the properties of the users account<\/li><li>Analysis of CloudTrail reports<\/li><\/ul>\n\n\n\n<p><strong>What types of subnets can be chosen within your VPC?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Public and hybrid subnets<\/li><li>Private subnets<\/li><li><strong>Both public and private subnets can be created. (Ans)<\/strong><\/li><li>Hybrid subnets<\/li><\/ul>\n\n\n\n<p><strong>In front of what does the Web Application Firewall sit?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ALB and S3<\/li><li>S3 and ALB<\/li><li>EC2 and S3<\/li><li><strong>ALB and CF (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What is the benefit of deploying an in-line policy?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If the principles deleted, the policy is still deployed.<\/li><li><strong>Maintain a strict one to one relationship between the policy and selected principal. (Ans)<\/strong><\/li><li>In-line policies are created for the customer by AWS.<\/li><li>In-line policies can be deployed to multiple identities at the same time.<\/li><\/ul>\n\n\n\n<p><strong>To access resources or users outside of AWS what must be attached to your subnet?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Defined network access control lists<\/li><li>Security groups<\/li><li>Elastic IP addresses<\/li><li><strong>A gateway device (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What is the purpose of elastic load-balancing?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Balancing the storage load on the elastic file system<\/li><li>Balancing performance of Web servers<\/li><li><strong>Distribution of incoming traffic across multiple instances (Ans)<\/strong><\/li><li>Scaling instances up or down based on demand<\/li><\/ul>\n\n\n\n<p><strong>What type of network must a dedicated instance be deployed on?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>In a VPC (Ans)<\/strong><\/li><li>Private only<\/li><li>Public only<\/li><li>In a Classic EC2 network<\/li><\/ul>\n\n\n\n<p><strong>What is the secret access key used for at AWS?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Authentication to the AWS console<\/li><li><strong>Access to resources through automation (Ans)<\/strong><\/li><li>Authentication using the CLI<\/li><li>Developing using the SDK<\/li><\/ul>\n\n\n\n<p><strong>When an EBS snapshot is shared, who can alter the original snapshot?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Shared snapshots cannot be altered. (Ans)<\/strong><\/li><li>Only the root user of the account<\/li><li>IAM policy defines access rules for snapshots.<\/li><li>Any administrator account<\/li><\/ul>\n\n\n\n<p><strong>What security tool should be used to create a second access key?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use the create-access-key command<\/li><li>Run the Access Advisor<\/li><li>Using CloudTrail reports<\/li><li><strong>The IAM Console (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Where is Route 53 located in the AWS ecosystem?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Region<\/li><li>Availability zone<\/li><li><strong>Edge location (Ans)<\/strong><\/li><li>Hybrid location<\/li><\/ul>\n\n\n\n<p><strong>What types of permissions does and IAM policy control?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Explicit disallow<\/li><li>Implicit access<\/li><li>Implicit disallow<\/li><li>Explicit access<\/li><li><strong>Allow or deny (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What common LDAP service is used in federating corporate users to AWS?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>AWS directory services (Ans)<\/strong><\/li><li>Google authenticator<\/li><li>Open ID<\/li><li>SAML 2.0<\/li><\/ul>\n\n\n\n<p><strong>What is AWS Shield?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EC2 firewall<\/li><li>Edge firewall<\/li><li><strong>A DDos protection service (Ans)<\/strong><\/li><li>Network layer protection<\/li><\/ul>\n\n\n\n<p><strong>What happens if you find your instant size is inadequate for your needs?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use commandline tools to scale instance size up or down.<\/li><li>Restore from backup to new instance type.<\/li><li><strong>Shut down the instance, change instance type, and restart the instance. (Ans)<\/strong><\/li><li>Instances must be rebuilt from scratch to change size.<\/li><\/ul>\n\n\n\n<p><strong>What happens when storage and memory resources are discarded?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Open a ticket with AWS support to clean discarded resources.<\/li><li><strong>Storage is automatically reset and memory is automatically scrubbed. (Ans)<\/strong><\/li><li>Storage is scrubbed, and memory is reset automatically.<\/li><li>Both storage and memory resources are cleaned upon request only.<\/li><\/ul>\n\n\n\n<p><strong>When authenticating against an EC2 Instance what IAM policies are required?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Role-based policy<\/li><li><strong>Logging onto an EC2 instance is not controlled by IAM policy (Ans)<\/strong><\/li><li>Access-based policy<\/li><li>Group-based policy<\/li><\/ul>\n\n\n\n<p><strong>Name the four common elements in an IAM policy.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Username, resources, principal, and actions<\/li><li>Security principles, assigned actions, effect, and resources<\/li><li>Resources, core effects, mandated actions, and principles<\/li><li><strong>Resources, actions, effect, and principal (Ans)<\/strong><\/li><\/ul>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_53342\"><figure class=\"wp-block-embed wp-block-embed-youtube is-type-video is-provider-youtube epyt-figure\"><div class=\"wp-block-embed__wrapper\"><iframe loading=\"lazy\"  id=\"_ytid_20522\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_53342\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><\/div><\/figure><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>If resources at AWS have been created by a no other account, what feature can be enabled to share access to resources? Cross Account Access (Ans) Creating&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5633],"tags":[],"class_list":["post-8983","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8983"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8983\/revisions"}],"predecessor-version":[{"id":25081,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8983\/revisions\/25081"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}