{"id":8987,"date":"2020-01-18T06:47:27","date_gmt":"2020-01-18T06:47:27","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8987"},"modified":"2021-11-13T10:27:16","modified_gmt":"2021-11-13T10:27:16","slug":"aws-interview-questions-and-answer-part-31","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-interview-questions-and-answer-part-31\/","title":{"rendered":"AWS Interview Questions and Answer Part \u2013 31"},"content":{"rendered":"\n<p><strong>What is the definition of a managed policy?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Custom policy controlled by the customer<\/li><li>Deployed by the customer<\/li><li><strong>Created and maintained by AWS (Ans)<\/strong><\/li><li>Policies applied to users and groups<\/li><\/ul>\n\n\n\n<p><strong>What&#8217;s one difference between a network access control lists and a security group?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Security groups can span availability zones.<\/li><li>Security groups control subnet access, and network access control lists control instance access.<\/li><li><strong>Security groups control instance access; network access control lists manage subnet access. (Ans)<\/strong><\/li><li>Security groups are stateless; network access control lists are stateful.<\/li><\/ul>\n\n\n\n<p><strong>How can Windows instances take advantage of paravirtualization services at AWS?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>There is PV support for network and storage drivers. (Ans)<\/strong><\/li><li>Select compute optimized instances when deploying Windows.<\/li><li>Upgrade Windows instances to Windows Server 2016 Datacenter.<\/li><li>Windows instances cannot take advantage of her paravirtualization.<\/li><\/ul>\n\n\n\n<p><strong>How are Amazon EC2 key pairs used for Windows authentication?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Decryption of the user logon credentials<\/li><li><strong>Decryption of the administrator password (Ans)<\/strong><\/li><li>Encryption and decryption of logon information zip file<\/li><li>Decryption of the administrators secret key<\/li><\/ul>\n\n\n\n<p><strong>What is the purpose of the AWS security token service with regard to federated users?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Security credentials are provided when requested by end-users.<\/li><li><strong>Federated users are provided with temporary security credentials. (Ans)<\/strong><\/li><li>Security credentials are provided for access to AWS resources.<\/li><li>To integrate AWS Active Directory services with customers corporate Active Directory services.<\/li><\/ul>\n\n\n\n<p><strong>How can AWS customers confirm that identity and access management security controls are verifiable?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Reviewing the ISO 27001 audit<\/li><li>Reviewing the SOC-2 audit<\/li><li><strong>Reviewing the SOC-3 audit (Ans)<\/strong><\/li><li>Reviewing current IAM settings<\/li><\/ul>\n\n\n\n<p><strong>IAM policy defines what key component?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Compliance and integrity<\/li><li>Integrity and encryption<\/li><li>Authorization and compliance<\/li><li><strong>Authentication and authorization (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What IAM policy choices control root account authentication?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>IAM group policy<\/li><li>IAM policies in general<\/li><li><strong>Multifactor authentication (Ans)<\/strong><\/li><li>IAM username policy<\/li><\/ul>\n\n\n\n<p><strong>Which of these statements best describes AWS Lambda?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Datastream analysis<\/li><li>Workflow orchestration for multiple tasks<\/li><li><strong>Serverless technology for running functions (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of these tools can assist with designing an environment stop\/start process?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EC2 instances<\/li><li><strong>Service dependency map (Ans)<\/strong><\/li><li>API credentials<\/li><\/ul>\n\n\n\n<p><strong>Which of these most accurately describes the AWS CLI?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Compiled executables written in C# that enable end users to access the AWS service API endpoints<\/li><li><strong>A unified single command that interfaces between the end user and the various AWS service API endpoints (Ans)<\/strong><\/li><li>Downloadable java libraries that can be run as executables to access the AWS service API endpoints<\/li><\/ul>\n\n\n\n<p><strong>Which of these is a true statement when copying an object into an S3 bucket that is owned by another account?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Object ownership follows the account performing the copy or upload. (Ans)<\/strong><\/li><li>Object ownership is irrelevant.<\/li><li>Object ACLs are more important than object ownership.<\/li><li>Object ownership follows the bucket.<\/li><\/ul>\n\n\n\n<p><strong>Which of these credential locations will be tested first when using the AWS CLI?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Instance profile credentials<\/li><li>Config file<\/li><li><strong>Environment variables (Ans)<\/strong><\/li><li>Credentials file<\/li><\/ul>\n\n\n\n<p><strong>Which service is used to directly generate instance profile credentials, which are visible via EC2 instance metadata?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EC2<\/li><li>EBS<\/li><li>KMS<\/li><li><strong>STS (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which command line option helps restrict the amount of output when using the CLI?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>region<\/li><li>dry-run<\/li><li><strong>filter (Ans)<\/strong><\/li><li>output<\/li><\/ul>\n\n\n\n<p><strong>Which of these tasks can be easily performed using the AWS Console?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Bulk ACL creation<\/li><li><strong>Bucket creation (Ans)<\/strong><\/li><li>Intra-bucket copies<\/li><\/ul>\n\n\n\n<p><strong>What is the meaning of the statement &#8220;The service API is a contract with the customer&#8221;?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The API can only be changed if all customers agree first.<\/li><li><strong>The API can only be added to or extended, not changed or reduced in functionality. (Ans)<\/strong><\/li><li>The API is never changed after initial service release.<\/li><\/ul>\n\n\n\n<p><strong>What are the steps involved in deleting an AMI?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Terminate AMI, delete snapshots<\/li><li>Delete AMI<\/li><li><strong>Deregister AMI, delete snapshots (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What is the most appropriate AWS feature for sorting EC2 instances?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>EC2 instance type<\/li><li>Subnet<\/li><li><strong>Metadata tags (Ans)<\/strong><\/li><li>Security groups<\/li><\/ul>\n\n\n\n<p><strong>MFA should be used for:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Priviledged users<\/li><li>Every IAM user<\/li><li>The root account<\/li><li><strong>Priviledged users and the root account (Ans)<\/strong><\/li><li>Every IAM group<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><\/li><\/ul>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_72494\"><figure class=\"wp-block-embed wp-block-embed-youtube is-type-video is-provider-youtube epyt-figure\"><div class=\"wp-block-embed__wrapper\"><iframe loading=\"lazy\"  id=\"_ytid_22640\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_72494\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><\/div><\/figure><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>What is the definition of a managed policy? Custom policy controlled by the customer Deployed by the customer Created and maintained by AWS (Ans) Policies applied to&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5633],"tags":[],"class_list":["post-8987","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8987"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8987\/revisions"}],"predecessor-version":[{"id":25080,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8987\/revisions\/25080"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}