AWS Cloud Technical Essentials

Question 1

It is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider.

Answer 1

Cloud Computing

Question 2

What are the 6 benefits of Cloud Computing?

Answer 2

1. Pay as you go (Elasticity)
2. Benefit from massive economies of scale (Cost Savings)
3. Stop guessing capacity (Elasticity)
4. Increase speed and agility (Agility)
5. Stop sending money running and maintaining data centers (Cost Savings)
6. Go global in minutes

Question 3

What are the types of Cloud Computing?

Answer 3

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)

Question 4

It contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS gives you the highest level of flexibility and management control over your IT resources. It is most similar to the existing IT resources with which many IT departments and developers are familiar.

Answer 4

IaaS

Question 5

It removes the need for you to manage underlying infrastructure (usually hardware and operating systems), and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

Answer 5

PaaS

Question 6

It provides you with a complete product that is run and managed by the service provider. In most cases, people referring to SaaS are referring to end-user applications (such as web-based email). With a SaaS offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to think about how you will use that particular software.

Answer 6

SaaS

Question 7

What are the types of Cloud Computing?

Answer 7

1. Cloud
2. Hybrid
3. On-premises

Question 8

What are clusters of Data Centers?

Answer 8

Availability Zone or AZ

An AZ consists of one or more data centers with redundant power, networking, and connectivity. These data centers operate in discrete facilities with undisclosed locations. They are connected using redundant high-speed and low-latency links.

If you see that a resource exists in us-east-1c, you know this resource is located in AZ c of the us-east-1 Region.

Question 9

What are clusters of AZs called?

Answer 9

Region

Question 10

What are the four aspects of choosing a Region?

Answer 10

1. Compliance - Enterprise companies often need to comply with regulations that require customer data to be stored in a specific geographic territory.
2. Latency - IT resources have to be close to your user base
3. Price - Prices may vary per region due to local economy and physical nature of operating data centers
4. Service Availability - Not all services are available in every region

Question 11

It consists of Edge locations and regional Edge caches. These are used to cache content closer to end users, thus reducing latency.

Answer 11

Global Edge Network

You can use services like Amazon CloudFront to cache content using the Edge locations.

Question 12

These are geographic locations worldwide where AWS hosts its data centers. AWS Regions are named after the location where they reside.

Answer 12

Regions

Question 13

Where is the AWS Cloud Infrastructure built around?

Answer 13

AWS Regions and Availability Zones

Question 14

It is the URL of the entry point for an AWS web service.

Answer 14

AWS Service Endpoint

Question 15

What are the types of AWS Service Endpoints?

Answer 15

1. Regional
2. Global
3. Federal Information Processing Standard (FIPS) - FIPS endpoints use a TLS software library that complies with FIPS 140-2. These endpoints might be required by enterprises that interact with the United States government. With FIPS endpoints, the minimum requirement is TLS 1.2. Recommended is TLS 1.3.
4. Dual Stack - These endpoints can be accessed using either IPv4 or IPv6 requests.

Question 16

What does API stand for?

Answer 16

Application Program Interface

Question 17

How to make API calls in AWS or how do you connect to AWS?

Answer 17

1. AWS Management Console - This is a web-based method that you log into from your browser.
2. AWS Command Line Interface (CLI)
3. AWS Software Development Kits (SDK)

Question 18

Who is responsible for the security in AWS Cloud?

Answer 18

This is a shared responsibility between AWS and the customer.

Question 19

What part of the Shared Responsibility Model is AWS responsible for?

Answer 19

AWS is responsible for security of the cloud. This means AWS is required to protect and secure the infrastructure that runs all the services offered in the AWS Cloud. AWS is responsible for:

• Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings
• Managing the hardware, software, and networking components that run AWS services, such as the physical server, host operating systems, virtualization layers, and AWS networking components

Question 20

Provide the 3 categories of AWS Services.

Answer 20

1. Infrastructure Services - Compute services, such as Amazon Elastic Compute Cloud (Amazon EC2
2. Container Services - Services that require less management from the customer, such as Amazon Relational Database Service (Amazon RDS). Container services refer to AWS abstracting application containers behind the scenes, not Docker container services. This enables AWS to move the responsibility of managing that platform away from customers.
3. Abstracted Services - Services that require very little management from the customer, such as Amazon Simple Storage Service (Amazon S3)

Question 21

What part of the Shared Responsibility Model is the customer responsible for?

Answer 21

You’re responsible for security in the cloud. When using any AWS service, you’re responsible for properly configuring the service and your applications, as well as ensuring your data is secure.The level of responsibility you have depends on the AWS service. Some services require you to perform all the necessary security configuration and management tasks, while other more abstracted services require you to only manage the data and control access to your resources.

Question 22

Who is responsible for Hardware or AWS Global Infrastructure?

Answer 22

AWS

Question 23

Who is responsible for Regions, AZs, and Edge Locations?

Answer 23

AWS

Question 24

Who is responsible for the infrastructure in various software components that run AWS services?

Answer 24

AWS

Question 25

Who is responsible for compute databases, storage, and networking?

Answer 25

AWS

Question 26

Who is responsible for securing services from the host operating system up through the virtualization layer?

Answer 26

AWS

Question 27

Who manages the physical host the VM is placed on as well as everything through the hypervisor level?

Answer 27

AWS

Question 28

Who is responsible for patching the host operating system and the hypervisor?

Answer 28

AWS

Question 29

Who is responsible for the underlying hardware up through the virtualization layer?

Answer 29

AWS

Question 30

Who is responsible for the security in the Cloud?

Answer 30

Customer

Question 31

Who is responsible for patching the operating systems of the customers’ VMs?

Answer 31

Customer

Question 32

Who is responsible for the security of the base layer in the Cloud?

Answer 32

AWS

Question 33

Who is responsible for encrypting the data in transit and at rest?

Answer 33

Customer

Question 34

Who is responsible for configuring firewalls in the Cloud?

Answer 34

Customer

Question 35

Who is responsible for defining user access?

Answer 35

Customer

Question 36

Who owns the customer’s data in AWS?

Answer 36

Customer

Question 37

Does the Shared Responsibility Model vary from service to service?

Answer 37

Yes

Question 38

Who is responsible for Platform, applications, identity and access management?

Answer 38

Customer

Question 39

Who is responsible for the security of the Cloud?

Answer 39

AWS

Question 40

Who is responsible for protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings?

Answer 40

AWS

Question 41

Who is responsible for managing the hardware, software, and networking components that run AWS services, such as the physical server, host operating systems, virtualization layers, and AWS networking components

Answer 41

AWS

Question 42

Who is responsible for managing the underlying infrastructure and foundation services?

Answer 42

AWS

Question 43

Who is responsible for managing the underlying infrastructure and foundation services, operating system, and application platform?

Answer 43

AWS

Question 44

Who is responsible for operating the infrastructure layer, operating system, and platforms, as well as server-side encryption and data protection?

Answer 44

AWS

Question 45

Who is responsible for controlling the operating system and application platform, as well as encrypting, protecting, and managing customer data?

Answer 45

Customer

Question 46

Who is responsible for customer data, encrypting that data, and protecting it through network firewalls and backups?

Answer 46

Customer

Question 47

Who is responsible for managing customer data and protecting it through client-side encryption?

Answer 47

Customer

Question 48

Who is responsible for choosing a Region for AWS resources in accordance with data sovereignty regulations?

Answer 48

Customer

Question 49

Who is responsible for implementing data protection mechanisms, such as encryption and managing backups?

Answer 49

Customer

Question 50

Who is responsible for using access control to limit who has access to your data and AWS resources?

Answer 50

Customer

Question 51

Who is responsible for patching and fixing flaws within the infrastructure?

Answer 51

AWS

Question 52

Who is responsible for patching their guest OS and applications?

Answer 52

Customer

Question 53

Who is responsible for maintaining the configuration of its infrastructure devices?

Answer 53

AWS

Question 54

Who is responsible for configuring the guest operating systems, databases, and applications?

Answer 54

Customer

Question 55

What are the things to remember when creating a root user account?

Answer 55

1. Use Multi-factor Authentication (MFA)
2. Do not use the root user for everyday tasks, even the administrative ones.

Question 56

What is the process of giving users permission to access AWS resources and services?

Answer 56

Authorization

Question 57

What is the process of verifying the user’s identity?

Answer 57

Authentication

Question 58

What is a single sign-in identity that has complete access to all AWS services and resources in the account?

Answer 58

AWS Root User

Question 59

What are the two sets of credentials associated with an AWS Root User?

Answer 59

1. Email address and Password
2. Access keys

Question 60

What are the two parts of an Access Key?

Answer 60

1. Access Key ID
2. Secret Access Key

Question 61

What do you need to authenticate your requests via AWS CLI or AWS API?

Answer 61

1. Access Key ID
2. Secret Access Key

Question 62

Who has complete access to all AWS services and resources in your account, as well as your billing and personal information?

Answer 62

AWS Root User

Question 63

How do you ensure the safety of the AWS Root User?

Answer 63

1. Choose a strong password for the root user.
2. Never share your root user password or access keys with anyone.
3. Disable or delete the access keys associated with the root user.
4. Do not use the root user for administrative tasks or everyday tasks.

Question 64

How do you delete the access key of your AWS Root User?

Answer 64

1. Go to the My Security Credentials page in the AWS Management Console and sign-in with the root user’s email address and password.
2. Open the Access Keys section.
3. Under Actions, click Delete.
4. Click Yes.

Question 65

What is the simplest and most common form of authentication?

Answer 65

Single-factor Authentication

Question 66

What are the forms of Single-factor Authentication?

Answer 66

1. Username and Password
2. Security PIN
3. Security token

Question 67

What form of authentication requires two or more authentication methods to verify an identity?

Answer 67

Multi-factor Authentication

Question 68

What are the different categories of information for an MFA?

Answer 68

1. Something you know, such as a username and password, or PIN
2. Something you have, such as a one-time passcode from a hardware device or mobile app
3. Something you are, such as fingerprint or face scanning technology

Question 69

What are the different MFA mechanisms?

Answer 69

1. Virtual MFA devices
2. Hardware devices
3. Universal 2nd Factor (U2F) devices

Question 70

Which Virtual MFA devices are supported by AWS?

Answer 70

1. Authy
2. Duo Mobile
3. LastPass Authenticator
4. Microsoft Authenticator
5. Google Authenticator

Question 71

Which Hardware devices are supported by AWS?

Answer 71

1. Key Fob
2. Display Card

Question 72

Which U2F device is supported by AWS?

Answer 72

1. YubiKey

Question 73

What is a Virtual MFA device?

Answer 73

A software app that runs on a phone or other device that provides a one-time passcode

Question 74

What is an MFA Hardware device?

Answer 74

A hardware device, generally a key fob or display card device that generates a one-time six-digit numeric code.

Question 75

What is an MFA U2F device?

Answer 75

A hardware device that you plug into a USB port on your computer.

Question 76

In IAM, what is a Group?

Answer 76

It refers to a collection of IAM users.

Question 77

Can you assign a policy to a Root User?

Answer 77

No

Question 78

Can you assign a policy to an Admin User?

Answer 78

Yes

Question 79

It is a web service that enables you to manage access to your AWS account and resources.

Answer 79

IAM

Question 80

What does IAM stand for?

Answer 80

Identity and Access Management

Question 81

What provides a centralized view of who and what are allowed inside your AWS account (authentication), and who and what have permissions to use and work with your AWS resources (authorization)?

Answer 81

IAM

Question 82

Is IAM global and not specific to any one Region?

Answer 82

Yes. You can see and use your IAM configurations from any Region in the AWS Management Console.

Question 83

How much does it cost to use an IAM service?

Answer 83

The service is offered at no additional charge.

Question 84

What represents a person or service that interacts with AWS?

Answer 84

IAM User

Question 85

Can an IAM Group have many IAM Users?

Answer 85

Yes

Question 86

Can an IAM Group belong to other IAM Groups?

Answer 86

No

Question 87

Can an IAM User belong to many IAM Groups?

Answer 87

Yes

Question 88

How do you grant permissions in IAM?

Answer 88

By using IAM Policies

Question 89

Can you attach an IAM Policy to an IAM User?

Answer 89

Yes

Question 90

Can you attach an IAM Policy to an IAM Group?

Answer 90

Yes

Question 91

Can you attach an IAM Policy to an IAM Role?

Answer 91

Yes

Question 92

What are the four major JSON elements in an IAM Policy?

Answer 92

1. Version
2. Effect
3. Action
4. Resource

Question 93

What defines the version of the policy language?

Answer 93

The Version element in an IAM Policy.

Question 94

Which JSON element in an IAM Policy specifies the language syntax rules that are needed by AWS to process a policy?

Answer 94

Version

Question 95

How do you use all the available policy features in an IAM Policy?

Answer 95

Include “Version”: “2012-10-17” before the “Statement” element in all your policies.

Question 96

Which JSON element in an IAM Policy specifies whether the statement will allow or deny access?

Answer 96

Effect

Question 97

What are the valid values for the Effect element in an IAM Policy?

Answer 97

1. Allow
2. Deny

Question 98

Which JSON element in an IAM Policy describes the type of action that should be allowed or denied?

Answer 98

Action

Question 99

What does the “*” mean in the Action element of an IAM Policy?

Answer 99

“*” is called a wildcard, and it is used to symbolize every action inside your AWS account.

Question 100

Which JSON element in an IAM Policy specifies the object or objects that the policy statement covers?

Answer 100

Resource

Question 101

What does the “*” mean in the Resource element of an IAM Policy?

Answer 101

“*” is called a wildcard. This represents .all resources inside your AWS console

Question 102

Which JSON element in an IAM Policy specifies whether the statement results in an allow or an explicit deny?

Answer 102

Effect

Question 103

Which JSON element in an IAM Policy describes the specific actions that will be allowed or denied?

Answer 103

Action

Question 104

Which JSON element in an IAM Policy specifies the object or objects that the statement covers?

Answer 104

Resource

Question 105

What is the difference between an IAM User and an IAM Role?

Answer 105

IAM users have usernames and passwords as well as static credentials whereas IAM roles do not have any login credentials like a username and password and the credentials used to sign requests are programmatically acquired, temporary in nature, and automatically rotated.

Question 106

What is a standard security principle that advises you to grant only the necessary permissions to do a particular job and nothing more?

Answer 106

Principle of Least Privilege

Question 107

Is IAM used to secure access to your AWS account and resources?

Answer 107

Yes

Question 108

Is IAM used for website authentication and authorization, such as providing users of a website with sign-in and sign-up functionality?

Answer 108

No

Question 109

Does iAM support security controls for protecting operating systems and networks?

Answer 109

No

Question 110

What does IdP stand for?

Answer 110

Identity Provider

Question 111

What provides you a single source of truth for all identities in your organization?

Answer 111

Identity Provider or IdP

Question 112

What is AWS’ Single Sign-On service called?

Answer 112

AWS IAM Identity Center

Question 113

What is an AWS IAM Identity Center?

Answer 113

It lets your users sign in to a user portal with a single set of credentials.

Question 114

What does ARN stand for?

Answer 114

Amazon Resource Name

Question 115

What do you need to define to allow your users to make programmatic calls to AWS using things like the AWS command line and AWS software development kits?

Answer 115

Access Keys

Question 116

Which compute service that allows you to host virtual machines?

Answer 116

EC2

Question 117

What does AMI stand for?

Answer 117

Amazon Machine Image

Question 118

True or False: Every action a user takes in AWS is an API call

Answer 118

True

Question 119

What are the four main factors that a solutions architect should consider when they must choose a Region?

Answer 119

Latency, price, service availability, and compliance

Question 120

What provides temporary credentials (that expire after a defined period of time) to AWS services?

Answer 120

IAM Role

Question 121

It consists of one or more data centers with redundant power, networking, and connectivity. These data centers operate in discrete facilities with undisclosed locations. They are connected using redundant high-speed and low-latency links.

Answer 121

Availability Zone (AZ)

Question 122

Name the list of AWS compute services.

Answer 122

1. AWS App Runner
2. Batch
3. EC2
4. EC2 Image Builder
5. Elastic Beanstalk
6. Lambda
7. Lightsail
8. AWS Outposts
9. Serverless Application Repository

Question 123

What are the categories of AWS compute services?

Answer 123

1. Instances (virtual machines)
2. Containers
3. Serverless
4. Edge and hybrid
5. Cost and capacity management

Question 124

What are the AWS services under Instances (virtual machines)?

Answer 124

1. Amazon Elastic Compute Cloud (EC2)
2. Amazon EC2 Spot Instances
3. Amazon EC2 Auto Scaling
4. Amazon Lightsail
5. AWS Batch

Question 125

What are the AWS services under Containers?

Answer 125

1. Amazon Elastic Container Service (ECS)
2. Amazon ECS Anywhere
3. Amazon Elastic Container Registry (ECR)
4. Amazon Elastic Kubernetes Service (EKS)
5. Amazon EKS Anywhere
6. AWS Fargate
7. AWS App Runner

Question 126

What are the AWS services under Serverless?

Answer 126

AWS Lambda

Question 127

What are the AWS services under Edge and Hybrid?

Answer 127

1. AWS Outposts
2. AWS Snow Family
3. AWS Wavelength
4. VMWare Cloud on AWS
5. AWS Local Zones

Question 128

What are the AWS services under Cost and Capacity Management?

Answer 128

1. AWS Savings Plan
2. AWS Compute Optimizer
3. AWS Elastic Beanstalk
4. EC2 Image Builder
5. Elastic Load Balancing (ElB)

Question 129

It is a secure and resizeable compute capacity (virtual servers) in the cloud.

Answer 129

Amazon Elastic Compute Cloud (EC2)

Question 130

It is used to run fault-tolerant workloads for up to 90% off.

Answer 130

Amazon EC2 Spot Instances

Question 131

It is used to automatically add or remove compute capacity to meet changes in demand.

Answer 131

Amazon EC2 Auto Scaling

Question 132

It is an easy-to-use cloud platform that offers you everything you need to build an application or website.

Answer 132

Amazon Lightsail

Question 133

It is a fully managed batch processing at any scale.

Answer 133

AWS Batch

Question 134

It is a highly secure, reliable, and scalable way to run containers.

Answer 134

Amazon Elastic Container Service (ECS)

Question 135

It is used to run containers on customer managed infrastructure.

Answer 135

Amazon ECS Anywhere

Question 136

It is used to easily store, manage, and deploy container images.

Answer 136

Amazon Elastic Container Registry

Question 137

It is a fully managed Kubernetes service.

Answer 137

Amazon Elastic Kubernetes Service (Amazon EKS)

Question 138

It is used to create and operate Kubernetes clusters on your own infrastructure.

Answer 138

Amazon EKS Anywhere

Question 139

It is a serverless compute for containers.

Answer 139

AWS Fargate

Question 140

It is used to build and run containerized applications on a fully managed service.

Answer 140

AWS App Runner

Question 141

It is used to run code without thinking about servers. Pay only for the compute time you consume.

Answer 141

AWS Lambda

Question 142

It is used to run AWS infrastructure and services on premises for a truly consistent hybrid experience.

Answer 142

AWS Outposts

Question 143

It is used to collect and process data in rugged or disconnected edge environments.

Answer 143

AWS Snow Family

Question 144

It is used to deliver ultra-low latency application for 5G devices.

Answer 144

AWS Wavelength

Question 145

It is the preferred service for all vSphere workloads to rapidly extend and migrate to the cloud

Answer 145

VMWare Cloud on AWS

Question 146

It is used to run latency sensitive applications closer to end-users.

Answer 146

AWS Local Zones

Question 147

It is a flexible pricing model that provides savings of up to 72% on AWS compute usage.

Answer 147

AWS Savings Plan

Question 148

It recommends optimal AWS compute resources for your workloads to reduce costs and improve performance.

Answer 148

AWS Compute Optimizer

Question 149

It is an easy-to-use service for deploying and scaling web applications and services.

Answer 149

AWS Elastic Beanstalk

Question 150

It is used to build and maintain secure Linux or Windows Server images.

Answer 150

EC2 Image Builder

Question 151

It is used to automatically distribute incoming application traffic across multiple targets.

Answer 151

Elastic Load Balancing

Question 152

It is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

Answer 152

Amazon Elastic Compute Cloud (EC2)