{"id":8996,"date":"2020-01-18T07:14:17","date_gmt":"2020-01-18T07:14:17","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8996"},"modified":"2021-11-13T10:26:33","modified_gmt":"2021-11-13T10:26:33","slug":"aws-interview-questions-and-answer-part-33","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-interview-questions-and-answer-part-33\/","title":{"rendered":"AWS Interview Questions and Answer Part \u2013 33"},"content":{"rendered":"\n<p><strong>To take advantage of the greatest number of features available in Active Directory while having Amazon responsible for the management of the operating system and underlying hardware, you should choose:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>LDAP<\/li><li>AD Redirector<\/li><li>Simple AD<\/li><li><strong>Enterprise AD (Ans)<\/strong><\/li><li>AD Connector<\/li><\/ul>\n\n\n\n<p><strong>Which AWS Directory Services Offering does not store data in AWS but rather redirects all access to an on-premises Active Directory implementation?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Enterprise AD<\/li><li>AD Redirector<\/li><li><strong>AD Connector (Ans)<\/strong><\/li><li>LDAP<\/li><li>Simple AD<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT an available effect?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Allow<\/li><li>Deny<\/li><li><strong>Permit (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>The root user credentials should be shared with all top-level administrators.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>False (Ans)<\/strong><\/li><li>True<\/li><\/ul>\n\n\n\n<p><strong>The best way for administrators in one AWS account to backup administrators in another account (such as for vacation or sickness) is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create IAM users in each account for the administrators in the other account.<\/li><li>Share account names and passwords as needed.<\/li><li><strong>Create roles in each account that can be assumed by administrators in the other account. (Ans)<\/strong><\/li><li>Create a generic admin account for administrators in the other account to use.<\/li><\/ul>\n\n\n\n<p><strong>Trusted advisor is designed to do which of the following:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Find unused IAM Groups<\/li><li><strong>Reduce cost (Ans)<\/strong><\/li><li>Report on compliance<\/li><li>Find IAM Users with excess permissions<\/li><\/ul>\n\n\n\n<p><strong>To maximize the safety of data that has been backed up, you should:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Backup to two different S3 buckets in different regions.<\/li><li>Set permissions on the backup destination to forbid deleting content.<\/li><li>Use Lifecycle policies to manage backups and expire outdated ones.<\/li><li><strong>Backup to a different account. (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Consolidated billing is used to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Pay for all the charges in multiple AWS accounts. (Ans)<\/strong><\/li><li>Report on the spending within an account.<\/li><li>Report on the spending across accounts.<\/li><\/ul>\n\n\n\n<p><strong>Consolidated Billing can be used to secure volume discounts:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Within an account<\/li><li><strong>Across multiple accounts (Ans)<\/strong><\/li><li>Within a region<\/li><\/ul>\n\n\n\n<p><strong>IAM roles are used when federating with users authenticated outside of AWS, such as Active Directory and Google.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>True (Ans)<\/strong><\/li><li>False<\/li><\/ul>\n\n\n\n<p><strong>The Principle of Least Priviledge should be used to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create as few policies as possible<\/li><li><strong>Grant users just enough permissions to do their jobs (Ans)<\/strong><\/li><li>Grant as few policies as possible to users<\/li><\/ul>\n\n\n\n<p><strong>If trusts are required between Active Directory domains hosted via AWS Directory Services, you must select:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AD Redirector<\/li><li><strong>Enterprise AD (Ans)<\/strong><\/li><li>ADConnector<\/li><li>Simple AD<\/li><li>LDAP<\/li><\/ul>\n\n\n\n<p><strong>To utilize AWS Directory Services\u2019 Enterprise AD offering, which VPC range must be excluded from those you can use:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>198.19.0.0\/16 (Ans)<\/strong><\/li><li>10.255.0.0\/16<\/li><li>192.168.0.0\/16<\/li><li>172.16.0.0\/16<\/li><\/ul>\n\n\n\n<p><strong>Which of the following can occur if the root account is compromised?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>None of these<\/li><li>Resources can be deleted<\/li><li><strong>All of these (Ans)<\/strong><\/li><li>Resorces can be created<\/li><li>Data can be stolen<\/li><\/ul>\n\n\n\n<p><strong>An IAM user may have _ access keys maximum.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>5<\/li><li><strong>2 (Ans)<\/strong><\/li><li>1<\/li><li>unlimited<\/li><li>3<\/li><\/ul>\n\n\n\n<p><strong>IAM accounts can be used to enforce the principle of least privilege.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Which of the following cannot be used to create an IAM policy?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Policy Creator (Ans)<\/strong><\/li><li>Copying an AWS managed policy<\/li><li>Creating a policy in JSON<\/li><li>Policy Generator<\/li><\/ul>\n\n\n\n<p><strong>Credential Report contains the following information:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Regions used by this IAM user<\/li><li>Access Key last used object<\/li><li>IAM user last used region<\/li><li><strong>Access Key last used region (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Simple AD uses:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Samba (Ans)<\/strong><\/li><li>Windows Active Directory<\/li><li>Novell eDirectory<\/li><\/ul>\n\n\n\n<p><strong>Which of the following can have passwords assigned to them?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>IAM Users (Ans)<\/strong><\/li><li>IAM Groups<\/li><li>IAM Roles<\/li><\/ul>\n\n\n\n<p><strong>Password policies can be set for which of the following?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>All IAM users (all get the same policy applied) (Ans)<\/strong><\/li><li>Each IAM user (individual settings for each user)<\/li><li>All IAM Groups (all get the same policy applied)<\/li><li>IAM Roles<\/li><li>Each IAM group (individual settings for each group)<\/li><\/ul>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_61845\"><iframe loading=\"lazy\"  id=\"_ytid_82385\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_61845\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>To take advantage of the greatest number of features available in Active Directory while having Amazon responsible for the management of the operating system and underlying hardware, you should choose:&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5633],"tags":[],"class_list":["post-8996","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8996"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8996\/revisions"}],"predecessor-version":[{"id":25078,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8996\/revisions\/25078"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}