AWSS

Question 1

Dividing resources among regions allows you to do the following.

Answer 1

1. Locate your infrastructure geographically closer to your users to allow access with lower possible latency.
2. Meet regulatory compliance with legal and banking rules.
3. Isolate groups of resources from each other and from larger networks to allow the greatest possible security.

Question 2

Some AWS resources are not visibly tied to any one region. Here are examples of Global Services.

Answer 2

1. AWS Identity & Access Management (IAM)
2. Amazon CloudFront
3. S3

Question 3

The service for managing the way access to your account resources is achieved by way of users and groups, roles and policies.

Answer 3

AWS Identity and Access Management (IAM)

Question 4

The content delivery network you can use to lower access latency for your application users by storing cached versions of frequently requested data at AWS edge locations.

Answer 4

CloudFront

Question 5

The block of IP addresses assigned for use within a single availability Zone.

Answer 5

Subnet. Private networks - typically use IPv4 protocol. Have have up to 200 subnets per AZ.

Question 6

One or more independently powered data centers running a wide range of hardware host types.

Answer 6

Availability Zone (AZ)

Question 7

A resource running without a back up.

Answer 7

Single Point of Failure

Question 8

Provisioning two or more instances of whatever your workload requires rather than just one. The only effective protection against failures.

Answer 8

Redundancy

Question 9

What is used to prevent application failure.

Answer 9

Autoscaling and Load Balancing.

Question 10

A site where AWS deploys physical server infrastructure to provide low latency user access to Amazon-based data. Front line resource for directing the kind of network traffic that can most benefit from speed.

Answer 10

Edge Location

Question 11

Best Known tenant of edge locations.

Answer 11

CloudFront

Question 12

Amazon’s Domain Name System (DNS) administration tool for managing domain name registration and traffic routing

Answer 12

Amazon Route 53

Question 13

A manage service for countering the threat of distributed denial of service (DDoS) attacks against your AWS-based infrastructure.

Answer 13

AWS Shield

Question 14

A managed service for protecting web applications from web-based threats.

Answer 14

AWS Web Application Firewall (WAF)

Question 15

A tool designed to use the serverless power that customize CloudFront behavior,

Answer 15

Lambda@Edge

Question 16

Handle less popular content. Currently 9 worldwide

Answer 16

Regional Edge Cache

Question 17

AWS Shared Responsibility Model

Answer 17

AWS Responsible for: The security of the cloud & patching underlying virtualization software running in AWS data centers.

You: Security of what’s in the cloud and patching OSs running on EC2 instances

Question 18

Hides all or some of the underlying configurations and administration work to keep things running. Your responsible for patching , updates and all the regular care. Ex: Elastic Bean–hides all the complexity of it’s runtime environment, leaving you to do beyond uploading your application code.

Answer 18

Managed Resources

Question 19

Your expected to care for the operating system and everything that’s running on it. If you can edit it, you own it. EX: Ec2,

Answer 19

Unmanaged Resources

Question 20

Any service outages that could affect the performance of anyone’s workload will appear here. First place you check when troubleshooting a failing application.

Answer 20

Service Health Dashboard

Question 21

Makes it abundantly clear that it does not permit the use of it’s infrastructure in any illegal, harmful, or offensive way.

Answer 21

AWS Acceptable Use Policy

Question 22

True or False: AWS Regions connect atleast 2 availability zones located within a single geographic area into a low latency network.

Answer 22

True

Question 23

A group of 1 or more independent (and fault-protected) data centers located within a single geographic region.

Answer 23

Availability Zone.

Question 24

What are global resources whose use isn’t restricted to any one region.

Answer 24

IAM, CloudFront, S3, Route 53

Question 25

Can be used to make your infrastructure more resilient and reliable by launching parallel redundant instances in multiple Availability Zones.

Answer 25

Principal of Availability

Question 26

Globally distributed data servers that can store cached copies of AWS based data from which –CloudFront service —they can be efficiently served to end users.

Answer 26

AWS Edge Locations

Question 27

You can automate the process of increasing or decreasing the scale of a deployment based on need. Availability. To ensure that a predefined service level is maintained regardless of external demand or instance failure.

Answer 27

Auto Scaling

Question 28

You can automatically redirect incoming requests away from a nonfunctioning instance and to a backup replacement. Driving force

Answer 28

Load Balancing

Question 29

• Data centers running uniform host types
• Data centers within a broad geographic area
• Not restricted to a single data center

Answer 29

• Edge Location
• AWS Region
• Availability Zones

Question 30

What is the primary benefit of using CloudFront distribution.

Answer 30

Reduced latency access to your content no matter where your end users live.

Question 31

What are the two most significant architectural benefits of the way AWS designed its regions.

Answer 31

• It can make applications available to end users with lower latency.
• It can make applications more compliant with local regulations.

Question 32

What is the most effective approach for improving the resilience of your EC2 web server.

Answer 32

Launch parallel load-balanced instances in multiple availability zones within a single AWS region.

Question 33

The block of IP addresses assigned for use within a single Availability zone.

Answer 33

Subnet

Question 34

What is the primary goal of autoscaling.

Answer 34

To ensure that a pre-defined service level is maintained regardless of external demand or instance failures.

Question 35

What AWS services benefit from Amazon Edge Locations.

Answer 35

EC2 Load Balancers

CloudFront.

Question 36

What are the primary benefit of using CloudFront distribution.

Answer 36

Reduced latency access to your content no matter where your end users live.

Question 37

Controls which people and processes get past the wall guarding your resources (authentication) and what they are allowed to do (authoritization)

Answer 37

Identity and Access Management (IAM) service

Question 38

The user identity that was generated when you first created your AWS account. They have the permission to perform any task on your account. To protect, created a complex password and multifactor authentication.

Answer 38

root user

Question 39

Adds a second layer of security to your logins. A temporary digital token

Answer 39

Multi-Factor authentication (MFA)

Question 40

Tool to use to safely encrypt remote login sessions

Answer 40

Secure Shell (SSH) Key Pairs

Question 41

Create users to whom you can assign only the permissions needed for a specific set of tasks.

Answer 41

Principle of least privilege

Question 42

Use this to administrate the permissions associated with multiple users in batches.

Answer 42

User Groups

Question 43

Defines the limits for what can be done within your AWS account. For the most part, used by applications and services rather then people.

Answer 43

IAM roles

Question 44

SS0

Answer 44

AWS Single Sign On Service

Question 45

Credential Reports provide information on what.

Answer 45

• State of your account security
• listing of all current IAM users
• When they last logged in
• whether MFA enabled
• whether they have access keys

Question 46

The data file used to control an object’s cryptographic transformation. Are mostly managed on AWS by the AWS Key Management Service (KMS)

Answer 46

Encryption Keys

Question 47

How do you encrypt S3 buckets.

Answer 47

Can encrypt before or after creation of S3 buckets. You select S3 managed service-side encryption keys (SSE-S3) or KMS managed services (SSE-KMS)

Question 48

Prevents wrong people from being able to read your objects living in your S3 buckets.

Answer 48

Server side Encryption

Question 49

Prevents the wrong people from intercepting those objects while in transit from your local infrastructure.

Answer 49

Client side Encryption
-Before uploading data into S3, you need to encrypt your data using KMS managed customer master key or a client side master key.

Question 50

a set of links to documents describing various regulatory standards and how AWS meets them.

Answer 50

AWS Architect

Question 51

Programmatic and command-line access to resources is authenticated using security credentials consisting of what.

Answer 51

Access Key ID

Secret Access Key

Question 52

Primarily focused on helping you control access to your AWS resources

Answer 52

Identity and Access Management (IAM)

Question 53

This handles access keys.

Answer 53

KMS (Key Management Service)

Question 54

This managed SSH Key Pairs

Answer 54

EC2

Question 55

What text format does the credential report use.

Answer 55

CSV

Question 56

What AWS resources can be encrypted using KMS.

Answer 56

-RDS database, S3 Buckets and DynamoDB database.

Question 57

What does KMS use to encrypt objects stored on your AWS account.

Answer 57

Customer Master Key

Question 58

What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact

Answer 58

They attest to the AWS infrastructure compliance with data accountability standards like Sarbanes-Oxley.

Question 59

What roles can the documents provided by AWS Artifact play in your application planning.

Answer 59

• They can help you confirm that your deployment infrastructure is compliant with regulatory standards.
• They can provide insight into various regulatory and industry standards that represent best practices.