AWS Basics

Question 1

What user is created when an AWS account is created?

Answer 1

The account root user.

Question 2

What span of control does the root user of an AWS account have over its account and and resources created within its account?

Answer 2

Full and unrestricted control.

Question 3

What is the default access setting for AWS accounts?

Answer 3

Deny, with the exeption of the root user. The root user has full and unrestricted access.

Question 4

What are the three types of multi-factor authentication (MFA) devices supported for AWS account authentication?

Answer 4

Authenticator app, security key, and hardware TOTP token

Question 5

What are AWS Budgets used for?

Answer 5

Monitors AWS costs and generates email alerts when accrued costs meet certain percentage thresholds.

Question 6

What is an AWS Public Service?

Answer 6

A Public Service can be accessed using public end points. This means it can be accessed from anywhere with an Internet connection.

Question 7

What is an AWS Private Service?

Answer 7

A Private Service exists inside of a VPC. Access to the VPC is a pre-requisite for access to a private service.

Question 8

What is an AWS Region?

Answer 8

A full deployment of computer, storage, database, and other AWS resources that are separated from analogous resources in other regions. For example, EC2 in one region is NOT the same as EC2 in another region.

Question 9

What is an AWS Edge Location?

Answer 9

A localized distribution or edge computing point. Edge locations can bring data and processing closer to customers, but do not have the full capabilities of a region.

Question 10

What are the benefits of AWS Regions?

Answer 10

1. Geographic separation allows for isolation of failures.
2. Geopolicical and regulatory separation allows for compliance based on the laws of different countries.
3. Customer proximity allows for increased performance when deployments are placed in a region close to customers.

Question 11

What is an Availablity Zone (AZ)?

Answer 11

Isolated resources located inside a Region. AZs are geographically separated within the region and operate with discrete facilities, networking, and power.

Question 12

What does it mean for a service to be globally resilient?

Answer 12

A global failure of AWS is required to cause the service to fail. Data is replicated across multiple Regions to ensure global reliability.

Question 13

What does it mean for a service to be Region resilient?

Answer 13

An entire AWS Region must fail to cause the service to fail. Data is replicated across multiple Availability Zones (AZ) within the Region to ensure regional reliability.

Question 14

What does it mean for a service to be AZ resilient?

Answer 14

An Availability Zone must fail to cause the service to fail. This happens when services are deployed in a single AZ.

Question 15

What is the customer’s responsibility in the AWS Shared Responsibility Model?

Answer 15

The customer has responsibility for security in the cloud. This includes configuration and security of the resources you provision, such as routing rules, security groups, identity and access management, customer data, EC2 instance patching, and patching of software you install on EC2 instances.

Question 16

What is AWS’s responsibility in the AWS Shared Responsibility Model?

Answer 16

AWS takes responsibility for security of the cloud. This includes hardware and software used to provide services, such as physical security, hypervisor patching, and services.

Question 17

What is High Availability (HA)?

Answer 17

High Availability seeks to ensure the highest uptime possible. It does not guarantee that there are no failures, but it tries to get the system back to an operational state as quickly as possible.

Question 18

What is Fault Tolerance?

Answer 18

Fault Tolerance seeks to enable continued operation of a system even if one or more components of the system fail.

Question 19

What is the purpose of an Amazon Resource Name (ARN)?

Answer 19

To uniquely identify resources within an AWS account.

Question 20

Describe the three different structures that can make up an ARN.

Answer 20

arn:partition:service:region:accountId:resourceId
arn:partition:service:region:accountId:resourceType:resourceId
arn:partition:service:region:accountId:resourceType/resourceId

Example: arn:aws:ec2:us-east-1:123456789012:vpc/vpc-0e9801d129

Question 21

What is block storage?

Answer 21

Raw storage that can be mounted or made into a bootable volume. There is no structure until the operating system creates a file system on the block storage.

Question 22

What is file storage?

Answer 22

Storage that has a file system structure. It is mountable, but not bootable.

Question 23

What is object storage?

Answer 23

A flat collection of data objects. It is not mountable or bootable.

Question 24

What service does AWS Backup provide?

Answer 24

Fully managed data-protection across a wide-range of AWS services across multiple accounts and regions.