AWS Fundamentals 1

Question 1

Which contains what? AZ and Regions!

Answer 1

Regions contain multiple Azs

Question 2

Azs are?

Answer 2

Physical data centers

Question 3

Why are AZs Used?

Answer 3

For disaster recovery

Question 4

Azs are not available in?

Answer 4

Consoles

Question 5

IAM works with?

Answer 5

Users-Groups and Roles

Question 6

What is default format for IAM policy writing?

Answer 6

JSON

Question 7

How do we use groups and roles?

Answer 7

Groups = Usually by functions

Roles = for Internal AWS resources

Question 8

IAM is a non managed policy?YN

Answer 8

No - IAM is a managed policy

Question 9

What is the best practice to grant privileges?

Answer 9

Least privilege principle

Question 10

IAM federation used for?

Answer 10

To connect with organizations and external applications. [Active directory.]

The standard is SAML

Big enterprises usually integrate their own repository of users with IAM

Question 11

What is best practice to grant IAM role?

Answer 11

1 IAM role per person

1 IAM role per application

Question 12

What is the worst practice for security while writing code?

Answer 12

Never write credentials in code

Question 13

What is used for bootstrapping?

Answer 13

USER DATA

Question 14

What should be the first line of USER data script?

Answer 14

/bin/bash

Question 15

What are ECS laucnh modes?

Answer 15

On Demand - Reserved Instance - Convertible Reserved Instance - Scheduled Reserved Instance - Spot Instance - Dedicated Instance - Dedicated Host

Question 16

Your whole AWS security is?

Answer 16

1. Users
2. Groups
3. Roles

Question 17

EC2 pricing is per?

Answer 17

1. Region
2. Type
3. OS

The billing is done in first 60 sec block then rest per second basis

Question 18

How can you have your own Instance?

Answer 18

By creating a custom AMI

Question 19

IS AMI region specific?YN

Answer 19

Yes

Question 20

What are the characteristics of an AMI?

Answer 20

RAM - CPU - I/O - Network - GPU

Question 21

Security Groups can reference?

Answer 21

Ips - CIDR Blocks - Other security groups

Question 22

What are the differenct types of Load Balancers?

Answer 22

1. Classic Load Balancer - 2006
2. Application Load Balancer - 2016 Layer 7
3. Network Load balancer - 2017 Layer 4

Question 23

Application server can use following protocols?

Answer 23

Http - Https - Websockets

Question 24

How can we get client id from the instance while it is fronted via ALB?

Answer 24

By looking at X-Forwarded-For header

Question 25

NLB works with which protocol?

Answer 25

TCP traffic

Question 26

ALB works with security via?

Answer 26

SSL and SSL termination

Question 27

Service for Renting virtual machines?

Answer 27

EC2

Question 28

Service for Storing data on virtual drives?

Answer 28

EBS

Question 29

Service for Distributing load across machines?

Answer 29

ELB

Question 30

Service for Scaling the services?

Answer 30

ASG

Question 31

Security groups are acting as?

Answer 31

firewall

Question 32

Security groups regulate?

Answer 32

Access to Ports - Authorised IP ranges – IPv4 and IPv6 - Control of inbound network (from other to the instance) - Control of outbound network (from the instance to other)

Question 33

Security groups can be attached to multiple instances?YN

Answer 33

Yes

Question 34

Security groups are locked down via?

Answer 34

Region

Question 35

Security groups live outside EC2?YN

Answer 35

Yes

Question 36

What is the problem If your application is not accessible (time out)?

Answer 36

Security group issue

Question 37

What is the issue If your application gives a “connection refused“ error?

Answer 37

an application error or EC2 is not launched

Question 38

What are the defults for security groups?

Answer 38

All inbound traffic is blocked by default - All outbound traffic is authorised by default

Question 39

Why is elastic ip useful?

Answer 39

On instance start/stop it does not change.

Question 40

what is the command to ssh to EC2 instance?

Answer 40

ssh -i ec2-user@

Question 41

what if the command to ssh fails error 0644 and syntax its correct?

Answer 41

The issue is that perm file is insecure - use chmod0400

Question 42

Subnet represent?

Answer 42

Azs

Question 43

Auto scaling is done via?

Answer 43

Cloud watch alarms- trigger and monitoring - done on averge values

Question 44

Is ASG free service?YN

Answer 44

Yes

Question 45

What does Load Balancer work with?

Answer 45

Target groups

Question 46

EBS is locaked at?

Answer 46

AZ level

Question 47

EBS increase or scaling is done via?

Answer 47

Size and IOPS(only for IO1)

Question 48

How do you secure EBS?

Answer 48

Secure via Encrypted EBS - Data secure inflight and at rest - uses KMS and AES 256

Question 49

Load balancers provide?

Answer 49

DNS - never use underlying IP