{"id":9001,"date":"2020-01-18T07:21:47","date_gmt":"2020-01-18T07:21:47","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=9001"},"modified":"2021-11-13T10:25:51","modified_gmt":"2021-11-13T10:25:51","slug":"aws-interview-questions-and-answer-part-35","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-interview-questions-and-answer-part-35\/","title":{"rendered":"AWS Interview Questions and Answer Part \u2013 35"},"content":{"rendered":"\n<p><strong>Cloud Trail delivers logs to which of the following?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>S3 buckets and RedShift instances<\/li><li>S3 buckets and EC2 instances<\/li><li><strong>S3 buckets and CloudWatch Logs groups (Ans)<\/strong><\/li><li>S3 buckets and RDS instances<\/li><\/ul>\n\n\n\n<p><strong>In a policy, a resource is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A role<\/li><li><strong>An AWS object (Ans)<\/strong><\/li><li>a network object<\/li><li>An IAM object<\/li><\/ul>\n\n\n\n<p><strong>Policies are written in:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>JSON (Ans)<\/strong><\/li><li>SOAPjr<\/li><li>HTML<\/li><li>XML<\/li><\/ul>\n\n\n\n<p><strong>Rolling back a policy to a previous version is accomplished by which of the following methods?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Setting the default version of the policy (Ans)<\/strong><\/li><li>Deleting the later version of a policy to get to the desired version<\/li><li>Selecting the rollback action under policies<\/li><\/ul>\n\n\n\n<p><strong>The best tool to identify excess permissions and inactive accounts is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Amazon Inspector<\/li><li>Credential Report<\/li><li>Cloud Trail<\/li><li><strong>Access Advisor (Ans)<\/strong><\/li><li>Trusted Advisor<\/li><\/ul>\n\n\n\n<p><strong>Roles can be used with federated users from all of the following except:<\/strong><\/p>\n\n\n\n<ul 
class=\"wp-block-list\"><li>Google<\/li><li>Active Directory<\/li><li><strong>Salesforce.com (Ans)<\/strong><\/li><li>Facebook<\/li><\/ul>\n\n\n\n<p><strong>Roles can be delegated to IAM users only if:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A trust has been established between the role creator and the user creator<\/li><li><strong>A trust has been established to another AWS account (Ans)<\/strong><\/li><li>They are federated with Active Directory users<\/li><\/ul>\n\n\n\n<p><strong>Auditing answers all of the following questions except which one?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Who<\/li><li><strong>How (Ans)<\/strong><\/li><li>What<\/li><li>Where<\/li><li>When<\/li><\/ul>\n\n\n\n<p><strong>Customer Managed policies are best for which of the following situations?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Those who need granularity and control over specific privileges (Ans)<\/strong><\/li><li>Those wanting a simple policy experience<\/li><li>Those who are new to AWS policies<\/li><\/ul>\n\n\n\n<p><strong>Which of the following policy types is deleted when the associated object is deleted?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS Managed Policies<\/li><li>Customer Managed Policies<\/li><li>System Managed Policies<\/li><li><strong>Inline Policies (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>When multiple statements exist in a single policy or multiple policies are applied to a single object, the policies are:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>ORed (Ans)<\/strong><\/li><li>Ignored as only one statement per policy or policy per object is allowed<\/li><li>ANDed<\/li><li>XORed<\/li><\/ul>\n\n\n\n<p><strong>To revert to a previous version of a policy, you select which option?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Revert to policy<\/li><li>Set as active policy<\/li><li><strong>Set as default (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>IAM Roles can be 
assumed by:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Applications<\/li><li><strong>IAM Users (Ans)<\/strong><\/li><li>IAM Groups<\/li><\/ul>\n\n\n\n<p><strong>IAM roles can be assumed by users in other accounts.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>The least expensive way to store cloud trail data for long periods of time is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Archiving all data to Glacier<\/li><li>S3 Reduced Redundancy Storage<\/li><li><strong>S3 Lifecycle policies in conjunction with Glacier (Ans)<\/strong><\/li><li>S3 Infrequent Access<\/li><\/ul>\n\n\n\n<p><strong>Which type of policies are used with roles to provide access to AWS resources?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Trust and Permission (Ans)<\/strong><\/li><li>Account and Permission<\/li><li>Account and Access<\/li><li>Trust and Access<\/li><\/ul>\n\n\n\n<p><strong>The best tool to identify potential compliance violations is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Trusted Advisor<\/li><li>Cloud Trail<\/li><li>Credential Report<\/li><li>Access Advisor<\/li><li><strong>Amazon Inspector (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Auditing can be used to look for cost savings.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>IAM Policies contain all of the following components except:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Resource<\/li><li>Effect<\/li><li>Action<\/li><li>Condition<\/li><li><strong>Result (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>If versioning of policies and the ability to revert to a previous version are required, select the <em>_<\/em> policy type.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Inline<\/li><li><strong>Customer Managed (Ans)<\/strong><\/li><li>Version-enabled<\/li><li>AWS 
Managed<\/li><\/ul>\n\n\n\n<p><strong>Cloud Trail is enabled on a <em>_<\/em> basis.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Object<\/li><li><strong>Region (Ans)<\/strong><\/li><li>Availability Zone<\/li><\/ul>\n\n\n\n<p><strong>When policies are evaluated, the precedence in permissions is:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Least Restrictive<\/li><li><strong>Explicit Deny, Explicit Allow, Implicit Deny (Ans)<\/strong><\/li><li>Explicit Allow, Explicit Deny, Implicit Deny<\/li><li>Most Restrictive<\/li><\/ul>\n\n\n\n<p><strong>Cloud Trail data can be encrypted.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>IAM roles can be assigned to EC2 servers to provide access to AWS resources for applications running on that server.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>Cloud Trail audits which of these?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>API Access<\/li><li>Neither of these<\/li><li><strong>Both of these (Ans)<\/strong><\/li><li>Console Access<\/li><\/ul>\n\n\n\n<p><strong>Managed policies exist as stand-alone objects that can be associated with multiple IAM objects.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>False<\/li><li><strong>True (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>The AWS security best practice for applications requiring access to AWS resources is to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Embed Access Keys and Secret keys within those applications<\/li><li>Prompt the user for an IAM user name and password when access is needed<\/li><li>Assign roles to applications<\/li><li><strong>Assign roles to EC2 servers running those applications (Ans)<\/strong><\/li><\/ul>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Cloud Trail delivers logs to which of the following? S3 buckets and RedShift instances S3 buckets and EC2 instances S3 buckets and CloudWatch Logs groups (Ans) S3 buckets and RDS&#8230; 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5633],"tags":[],"class_list":["post-9001","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/9001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=9001"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/9001\/revisions"}],"predecessor-version":[{"id":25076,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/9001\/revisions\/25076"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=9001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=9001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=9001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}