{"id":8989,"date":"2020-01-18T07:11:22","date_gmt":"2020-01-18T07:11:22","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8989"},"modified":"2021-11-13T10:26:53","modified_gmt":"2021-11-13T10:26:53","slug":"aws-interview-questions-and-answer-part-32","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-interview-questions-and-answer-part-32\/","title":{"rendered":"AWS Interview Questions and Answer Part \u2013 32"},"content":{"rendered":"\n<p><strong>The best tool to identify excess access keys and passwords that have NOT been rotated recently is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cloud Trail<\/li><li>Trusted Advisor<\/li><li>Amazon Inspector<\/li><li>Access Advisor<\/li><li><strong>Credential Report (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following AWS Directory Service offerings does not support transferring FSMO roles:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AD Redirector<\/li><li>AD Connector<\/li><li>LDAP<\/li><li><strong>Simple AD (Ans)<\/strong><\/li><li>Enterprise AD<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT part of Amazon&#8217;s responsibility?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Availability Zones<\/li><li>Edge locations<\/li><li>Regions<\/li><li><strong>Network Security (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT an MFA option for IAM users?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Google Authenticator<\/li><li><strong>Biometric (Ans)<\/strong><\/li><li>Hardware token (FOB)<\/li><li>SMS (text)<\/li><li>Windows Authenticator<\/li><\/ul>\n\n\n\n<p><strong>Which of the following CANNOT have a role assigned to it?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Federated User<\/li><li>EC2 instance<\/li><li>Web Service<\/li><li><strong>IAM Group (Ans)<\/strong><\/li><li>IAM User<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT a type of 
policy?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Inline Policy<\/li><li>AWS Managed Policy<\/li><li>Customer Managed Policy<\/li><li><strong>System Managed Policy (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>The common parameters passed to AWS to grant federated access regardless of which API include all of the following except:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Role name<\/li><li>Duration for which the credentials are valid<\/li><li><strong>SAML Token (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT a reason to use multiple AWS accounts?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Control access to different workloads by different administrators<\/li><li>Reduce the potential damage after a security breach<\/li><li><strong>Control network security (Ans)<\/strong><\/li><li>Store auditing and backup data for safe keeping and restricted access<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is much more difficult when multiple accounts are used?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Visibility of what money is spent on across accounts<\/li><li>Maximum volume discounts (they are determined per account)<\/li><li><strong>Security consistency across accounts (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>CloudTrail can save auditing information to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An S3 bucket per account<\/li><li>An S3 bucket per region<\/li><li><strong>An S3 bucket for all accounts owned (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following identity sources is NOT supported with AWS?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Twitter (Ans)<\/strong><\/li><li>Google<\/li><li>Amazon<\/li><li>Facebook<\/li><\/ul>\n\n\n\n<p><strong>Which of the following uses a Rules Package to determine what gets reported?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Amazon Inspector<\/li><li>Access Advisor<\/li><li>Cloud 
Trail<\/li><li>Trusted Advisor<\/li><li><strong>Credential Report (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>IAM Groups should be used to group:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>IAM Users (Ans)<\/strong><\/li><li>IAM Roles<\/li><li>IAM Policies<\/li><\/ul>\n\n\n\n<p><strong>IAM roles can be used for which of the following?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Both of these (Ans)<\/strong><\/li><li>Neither of these<\/li><li>Providing applications on EC2 servers access to AWS resources<\/li><li>Identity Federation<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT a VPC prerequisite when using AWS Directory Services?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Two subnets in two availability zones<\/li><li>Default hardware tenancy<\/li><li><strong>Two subnets in two regions (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>When an object is deleted, which of the following policy type(s) is\/are also deleted with it?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Customer Managed<\/li><li>AWS Managed<\/li><li>None of these \u2013 policies must always be deleted separately from objects using them.<\/li><li><strong>Inline (Ans)<\/strong><\/li><li>All of these \u2013 all policies are automatically deleted.<\/li><\/ul>\n\n\n\n<p><strong>The root user account looks like which of the following?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A user name<\/li><li>An account number<\/li><li>A domain user name<\/li><li><strong>An email address (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>You can require Multi Factor Authentication (MFA) be used with roles.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Yes (Ans)<\/strong><\/li><li>No<\/li><\/ul>\n\n\n\n<p><strong>To configure access across accounts for users, which of the following actions should be used?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a duplicate user account in each AWS account for the 
administrator to use.<\/li><li>Federate users and authenticate to a third party or on-premises directory.<\/li><li><strong>Create a role in each other AWS account, assign the correct permissions for that account, and allow the appropriate IAM users access to it. (Ans)<\/strong><\/li><li>Put IAM users from each of the accounts in the IAM group(s) in the accounts to which they need access.<\/li><\/ul>\n\n\n\n<p><strong>The root account should be used for which of the following?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Day-to-day administration<\/li><li>Creating IAM users<\/li><li><strong>Initial setup and billing (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>IAM users, groups, and roles cost how much per month?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pennies per thousand objects<\/li><li><strong>Nothing \u2013 they are free. (Ans)<\/strong><\/li><li>Pennies per hundred objects<\/li><li>Pennies per ten thousand objects<\/li><\/ul>\n\n\n","protected":false},"excerpt":{"rendered":"<p>The best tool to identify excess access keys and passwords 
that have NOT been rotated recently is: Cloud Trail Trusted Advisor Amazon Inspector Access Advisor Credential Report (Ans) Which of&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5633],"tags":[],"class_list":["post-8989","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8989"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions"}],"predecessor-version":[{"id":25079,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8989\/revisions\/25079"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8989"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8989"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}