ADVANCED IDENTITIES & FEDERATION

Question 1

What uses an identity from another provider to access AWS resources?

Answer 1

Identity Federation

Question 2

What is the only way to access AWS resources?

Answer 2

AWS Credentials

Question 3

What does SAML Mean?

Answer 3

Security Assertion Markup Language

Question 4

When you use an Enterprise Identity Provider, they have to be?

Answer 4

SAML 2.0 Compatible

Question 5

Use SAML if you have an existing what?

Answer 5

Identity Management Team

Question 6

Use SAML if you have more than how many users?

Answer 6

5,000 users

Question 7

SAML uses what type of roles and credentials?

Answer 7

IAM Roles and AWS Temp Credentials

Question 8

How long does the SAML AWS Temporary Credentials last?

Answer 8

12 hours

Question 9

AWS SSO manages SSO for?

Answer 9

AWS Accounts and External Applications

Question 10

AWS SSO has a what?

Answer 10

Flexible Identity Store

Question 11

AWS SSO has a built in what?

Answer 11

Identity Store

Question 12

What AD is compatible with AWS SSO?

Answer 12

AWS Managed Microsoft AD

Question 13

AWS SSO On Premises Microsoft AD uses what 2 things?`

Answer 13

Two trust or AD Connector

Question 14

AWS SSO is preferred by AWS for any what?

Answer 14

Workforce identity federation

Question 15

If an exam scenario is talking about customer identities such as web application using twitter, google, Facebook or any other web identity, what should you use?

Answer 15

AWS Cognito

Question 16

If exam asking about enterprise or workplace identities what do you use?

Answer 16

AWS Single Sign on

Question 17

What provides Authentication, Authorization, and user management for web/mobile apps?

Answer 17

AWS Cognito

Question 18

means to login to verify credentials in Cognito

Answer 18

Authentication

Question 19

means to manage access to services in Cognito

Answer 19

Authorization

Question 20

means to allow the creation and management of a serverless user database in Cognito

Answer 20

User Management

Question 21

What 2 parts are in Cognito

Answer 21

User Pools and Identity Pools

Question 22

What part signs in and gets a JSON Web Token (JWT) in Cognito

Answer 22

User Pools

Question 23

Most AWS Services cant use JSON Web Token (JWT) what do you need?

Answer 23

You need actual AWS Credentials

Question 24

This part allows you to offer access to Temporary AWS Credentials in Cognito

Answer 24

Identity Pools

Question 25

Unauthenticated Identities inside of Cognito Identity Pools are used for what?

Answer 25

Guest Users

Question 26

What Swaps- Google Facebook, Twitter, SAML 2.0 & User Pool for short term AWS Credentials to access AWS Resources in Cognito

Answer 26

Federation Identities

Question 27

are for joined signup and sign in experiences with user directory and profile management services in Cognito

Answer 27

User Pools

Question 28

are for swapping either an unauthenticated or authenticated identity for AWS credentials ex. User Pool Identity in Cognito

Answer 28

Identity Pools

Question 29

Is an Desktop as a Service (DaaS) for home working or office

Answer 29

Amazon Workspaces

Question 30

Amazon Workspaces is similar to what?

Answer 30

Citrix and Remote Desktop hosted by AWS

Question 31

Amazon Workspaces is an consistent Desktop from Anywhere. Apps and State are maintained

True or False

Answer 31

True

Question 32

Workspaces has various sizes and has access to what 2 Operating Systems?

Answer 32

Windows and Linux

Question 33

Workspaces has what 2 pricing models?

Answer 33

Monthly and Hourly

Question 34

The hourly billing model of workspaces is also charged what?

Answer 34

Base infrastructure Cost

Question 35

What does the Hourly Billing Model of Workspaces allow you to do?

Answer 35

Suspend when not in use for cost saving

Question 36

Workspaces uses which Directory Services?

Answer 36

Simple AD, AD Connector, and MS AD

Question 37

What is Simple AD used for in Workspaces?

Answer 37

Proof of concept and isolated workspace deployment

Question 38

What integrates with existing on premise AD with any directory infrastructure in AWS?

Answer 38

AD Connector

Question 39

What do you use if you need to use a native Microsoft AD and want to integrate with Workspaces?

Answer 39

AWS Managed MS AD

Question 40

What uses an ENI in a VPC and uses VPC networking

Answer 40

Workspaces

Question 41

What can access FSx and EC2 Windows resources

Answer 41

Workspaces

Question 42

What has an at rest encryption (EBS+KMS)?

Answer 42

Workspaces

Question 43

What runs in AWS Managed VPCs and use ENIs injected into customer managed VPCs?

Answer 43

Workspaces and DS

Question 44

How do customers connect to workspaces?

Answer 44

Client App using Shared Gateways

Question 45

Are Workspaces Highly Available?

Answer 45

No they use a single subnet/AZ

Question 46

If you need to run other apps within your VPC whether they are going to be accessed by workspaces or not, if it needs a native Active Directory implementation what do you use?

Answer 46

AWS Managed AD or AD Connector

Question 47

AWS Managed Directory Service/ Microsoft AD support supports what?

Answer 47

Group Policies and Single Sign On

Question 48

AWS Managed MS AD also supports for extension?

Answer 48

Schema Extension

Question 49

AWS Managed MS AD which MS AD Aware Apps?

Answer 49

Sharepoint, SQL, and Distributed File System

Question 50

What 2 Size does MS AD come in?

Answer 50

Standard 30,000 and Enterprise 500,000

Question 51

Is AWS Managed Directory Service Highly Available?

Answer 51

Yes 2 AZ+

Question 52

AWS Managed MS AD includes monitor, recovery, replication, snapshots, and maintenance -configurable ; managed by AWS

True or False

Answer 52

True

Question 53

Does AWS Managed MS AD support one and two way external and forest trusts with on premises active directory?

Answer 53

Yes

Question 54

Directory in AWS can operate through a network link failure to any connected on premises systems

True or False?

Answer 54

True

Question 55

Directory in AWS supports for MFA

Answer 55

Radius Based MFA

Question 56

It allows the quick and easy setup of multi account environments

Answer 56

AWS Control Tower

Question 57

AWS Control Tower has a multi account environment. What is it called?

Answer 57

Loading Zone

Question 58

AWS Control Tower has something that automates and standardizes new account creation. What is it called?

Answer 58

Account Factory

Question 59

AWS Control Tower has something that detect and mandates rules and standards across all accounts. What is it called?

Answer 59

Guard Rail

Question 60

Single page oversight of the entire environment is called what in AWS Control Tower?

Answer 60

Dashboard