AWS Fundamentals 1 Flashcards

1
Q

Which contains what? AZ and Regions!

A

Regions contain multiple Azs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Azs are?

A

Physical data centers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why are AZs Used?

A

For disaster recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Azs are not available in?

A

Consoles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

IAM works with?

A

Users-Groups and Roles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is default format for IAM policy writing?

A

JSON

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How do we use groups and roles?

A

Groups = Usually by functions

Roles = for Internal AWS resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

IAM is a non managed policy?YN

A

No - IAM is a managed policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the best practice to grant privileges?

A

Least privilege principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

IAM federation used for?

A

To connect with organizations and external applications. [Active directory.]

The standard is SAML

Big enterprises usually integrate their own repository of users with IAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is best practice to grant IAM role?

A

1 IAM role per person

1 IAM role per application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the worst practice for security while writing code?

A

Never write credentials in code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is used for bootstrapping?

A

USER DATA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What should be the first line of USER data script?

A

/bin/bash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are ECS laucnh modes?

A

On Demand - Reserved Instance - Convertible Reserved Instance - Scheduled Reserved Instance - Spot Instance - Dedicated Instance - Dedicated Host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your whole AWS security is?

A
  1. Users
  2. Groups
  3. Roles
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

EC2 pricing is per?

A
  1. Region
  2. Type
  3. OS

The billing is done in first 60 sec block then rest per second basis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

How can you have your own Instance?

A

By creating a custom AMI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

IS AMI region specific?YN

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are the characteristics of an AMI?

A

RAM - CPU - I/O - Network - GPU

21
Q

Security Groups can reference?

A

Ips - CIDR Blocks - Other security groups

22
Q

What are the differenct types of Load Balancers?

A
  1. Classic Load Balancer - 2006
  2. Application Load Balancer - 2016 Layer 7
  3. Network Load balancer - 2017 Layer 4
23
Q

Application server can use following protocols?

A

Http - Https - Websockets

24
Q

How can we get client id from the instance while it is fronted via ALB?

A

By looking at X-Forwarded-For header

25
NLB works with which protocol?
TCP traffic
26
ALB works with security via?
SSL and SSL termination
27
Service for Renting virtual machines?
EC2
28
Service for Storing data on virtual drives?
EBS
29
Service for Distributing load across machines?
ELB
30
Service for Scaling the services?
ASG
31
Security groups are acting as?
firewall
32
Security groups regulate?
Access to Ports - Authorised IP ranges – IPv4 and IPv6 - Control of inbound network (from other to the instance) - Control of outbound network (from the instance to other)
33
Security groups can be attached to multiple instances?YN
Yes
34
Security groups are locked down via?
Region
35
Security groups live outside EC2?YN
Yes
36
What is the problem If your application is not accessible (time out)?
Security group issue
37
What is the issue If your application gives a “connection refused“ error?
an application error or EC2 is not launched
38
What are the defults for security groups?
All inbound traffic is blocked by default - All outbound traffic is authorised by default
39
Why is elastic ip useful?
On instance start/stop it does not change.
40
what is the command to ssh to EC2 instance?
ssh -i ec2-user@
41
what if the command to ssh fails error 0644 and syntax its correct?
The issue is that perm file is insecure - use chmod0400
42
Subnet represent?
Azs
43
Auto scaling is done via?
Cloud watch alarms- trigger and monitoring - done on averge values
44
Is ASG free service?YN
Yes
45
What does Load Balancer work with?
Target groups
46
EBS is locaked at?
AZ level
47
EBS increase or scaling is done via?
Size and IOPS(only for IO1)
48
How do you secure EBS?
Secure via Encrypted EBS - Data secure inflight and at rest - uses KMS and AES 256
49
Load balancers provide?
DNS - never use underlying IP