AWS Technical Essentials

Question 1

Each AWS Region is associated with

Answer 1

a geographical name
and a Region code.

Question 2

AWS has planned for many events through

Answer 2

redundancy (data centers with redundant power, networking and high speed and low latency links )

Question 3

This cluster of data centers is called an

Answer 3

Availability Zone

Question 4

AWS Region

Answer 4

clusters AZs together and also connects them with redundant high speed and low latency links

Question 5

four aspects you need to consider when deciding which AWS Region to use

Answer 5

compliance
latency
price
service availability.

Question 6

are used to cache content closer to end users, thus reducing latency.

Answer 6

Edge locations and regional edge caches

Question 7

When you decide which AWS Region to host your applications and workloads, consider: latency

Answer 7

If your application is sensitive to latency (the delay between a request for data and the response), choose a Region that is close to your user base

Question 8

When you decide which AWS Region to host your applications and workloads, consider: price

Answer 8

Due to the local economy and the physical nature of operating data centers, prices vary from one Region to another. Internet connectivity, imported equipment costs, customs, real estate, and other factors impact a Region’s pricing

Question 9

When you decide which AWS Region to host your applications and workloads, consider: service availability

Answer 9

Some services might not be available in some Regions.

Question 10

When you decide which AWS Region to host your applications and workloads, consider: compliance

Answer 10

Enterprise companies often must comply with regulations that require customer data to be stored in a specific geographic territory.

Question 11

When you operate a Region-scoped service,

Answer 11

you only need to select the Region that you want to use.

Question 12

If you are not asked to specify an individual Availability Zone to deploy the service in, this is an indicator that the service

Answer 12

operates on a Region-scope level

Question 13

For Region-scoped services, AWS automatically performs actions to

Answer 13

increase data durability and availability.

Question 14

some services ask you to specify an Availability Zone

Answer 14

You are often responsible for increasing the data durability and high availability of these resources.

Question 15

When Region-scoped, managed services are not available

Answer 15

make sure your workload is replicated across multiple Availability Zones. At a minimum, you should use two

Question 16

Every action that you make in AWS is

Answer 16

an API call that is authenticated and authorized

Question 17

The AWS root user has two sets of credentials associated with it

Answer 17

• the email address and password that were used to create the account
• access keys, which allow you to make programmatic requests from the AWS CLI or AWS API.

Question 18

Access keys consist of two parts:

Answer 18

Access key ID
Secret access key

Question 19

best practices for root user

Answer 19

Choose a strong password for the root user.

Enable multi-factor authentication (MFA) for the root user.

Never share your root user password or access keys with anyone.

Disable or delete the access keys associated with the root user.

Create an Identity and Access Management (IAM) user for administrative tasks or everyday tasks.

Question 20

AWS MFA mechanisms

Answer 20

Virtual MFA
Hardware TOTP token
FIDO security keys

Question 21

require that people have a valid credential

Answer 21

access management

Question 22

AM would not be responsible for

Answer 22

application-level access management.

Question 22

all API calls in AWS must be both signed and authenticated in order to be allowed, no matter if the resources

Answer 22

live in the same account or not.

Question 23

AWS IAM

Answer 23

• manages the login credentials and permissions to the AWS account,
• can manage the credentials used to sign API calls made to AWS services

Question 24

Authentication is verifying

Answer 24

if someone is who they say they are because they had the proper credentials to log in.

Question 24

The idea that your permissions control what you can or cannot do is

Answer 24

authorization.

Question 25

IAM users take care of authentication, and you can take care of authorization by

Answer 25

attaching IAM policies to users

Question 26

An Action in IAM is

Answer 26

an API call

Question 27

This IAM policy document contains

Answer 27

• permissions that allow the identity to which it’s attached to perform any EC2-related action.
• an Effect which is either allow or deny an Action
• restrict which AWS resources the actions are allowed to be performed against.
• include conditions in your policies that can further restrict actions.

Question 28

IAM groups are very simply just

Answer 28

groupings of IAM users.

Question 29

You can attach a policy to

Answer 29

a specific user or a group.

Question 30

as a best practice organize users into groups and assign

Answer 30

permissions to groups instead of individual users where possible.

Question 31

IAM offers many features to ensure security.

Answer 31

• IAM is global and not specific to any one Region.
• IAM is integrated with many AWS services by default.
• You can grant other identities permission to administer and use resources in your AWS account without having to share your password and key.
• IAM supports MFA.
• IAM supports identity federation, which allows users with passwords elsewhere—like your corporate network or internet identity provider—to get temporary access to your AWS account.
• Any AWS customer can use IAM; the service is offered at no additional charge.

Question 32

. Any activity done by A user is

Answer 32

billed to your account.

Question 33

When you create a user, you can provide them with the following types of access:

Answer 33

• Access to the AWS Management Console
• Programmatic access to the AWS CLI and AWS API

Question 34

IAM user credentials are considered permanent, which means that they

Answer 34

stay with the user until there’s a forced rotation by admins.

Question 35

An IAM user represents a

Answer 35

person or service that interacts with AWS.

Question 36

All users in the group inherit

Answer 36

the permissions assigned to the group.

Question 37

features of groups:

Answer 37

• Groups can have many users.
• Users can belong to many groups.
• Groups cannot belong to groups.

Question 38

To allow an IAM identity to perform specific actions in AWS, such as implement resources, you must

Answer 38

grant the IAM user the necessary permissions.

Question 39

IAM policy has four major JSON elements:

Answer 39

Version, Effect, Action, and Resource.

Question 40

IAM Version

Answer 40

defines the version of the policy language. It specifies the language syntax rules that are needed by AWS to process a policy. T

Question 41

IAM effect

Answer 41

specifies whether the policy will allow or deny access.

Question 42

IAM Action

Answer 42

describes the type of action that should be allowed or denied.

Question 43

IAM Resource

Answer 43

specifies the object or objects that the policy statement covers.

Question 44

An IAM role is an identity that can be assumed by

Answer 44

someone or something who needs temporary access to AWS credentials.

Question 45

Unlike IAM users IAM roles

Answer 45

do not have any login credentials like a username and password and the credentials used to sign requests are programmatically acquired, temporary in nature, and automatically rotated.

Question 46

federated users.

Answer 46

leverage IAM roles to grant access to existing identities from your enterprise user directory.

Question 47

AWS assigns a role to a federated user when access

Answer 47

is requested through an identity provider.

Question 48

Another identity that can assume an IAM role to gain access to AWS is

Answer 48

external identity providers.

Question 49

lock down the root user

Answer 49

• Don’t share the credentials associated with the root user.
• Consider deleting the root user access keys.
• Activate MFA on the root account.

Question 50

Least privilege

Answer 50

start with the minimum set of permissions in an IAM policy and then grant additional permissions as necessary for a user, group, or role.

Question 51

IAM is used to

Answer 51

secure access to your AWS account and resources. It provides a way to create and manage users, groups, and roles to access resources in a single AWS account.

Question 52

IAM is not used for

Answer 52

• website authentication and authorization
• IAM also does not support security controls for protecting operating systems and networks.

Question 53

User access keys only expire when

Answer 53

you or the account admin rotates the keys.

Question 54

Using an IdP, whether it’s with an AWS service such as AWS IAM Identity Center (successor to AWS Single Sign-On) or a third-party identity provider, provides

Answer 54

a single source of truth for all identities in your organization.

Question 55

AM provides last accessed information to

Answer 55

help you identify irrelevant credentials that you no longer need so that you can remove them.