Chap 1-3

Question 1

Difference between an AZ and Regions

Answer 1

AZs are just DCs full of servers, load balancers etc while a Region is a geographical area - each region consists of 2 or more AZs

Question 2

Edge Locations

Answer 2

1. Endpoints for AWS which are used for caching content

Question 3

Edge Locations vs Regions

Answer 3

there are many more edge locations compared to Regions (150) - review this

Question 4

Region

Answer 4

physical location in the world which consists of 2 or more AZs

Question 5

AZ

Answer 5

one or more discrete DCs, each with redundant power, networking and connectivity, housed in separate facilities

Question 6

Edge location consists of

Answer 6

CloudFront, amazon’s CDN

Question 7

AWS offers 3 support plans

Answer 7

Basic
Developer
Business

Question 8

AWS Basic plan

Answer 8

1. Free
2. Self service access to forums and resources
3. Best practice checks to help improve security and performance
4. Access to health status and notifications

Question 9

AWS Developer Plan

Answer 9

1. 29/month
2. Early adoption, testing and development
3. 1 primary contact can open an unlimited number of support cases
4. 12 hour response time for non prod systems

Question 10

AWS Business Plan

Answer 10

1. 100/month
2. For prod workloads & business critical dependencies
3. 24/7 chat, phone and email access to AWS Support
4. Unlimited contacts can open an unlimited number of support cases
5. 1-hour response time for production systems

Question 11

Root account

Answer 11

is the user account that you used for creating the account

Question 12

Root account God mode

Answer 12

Administrator access policy (most powerful resource)

Question 13

IAM is applied at the ? level

Answer 13

global (not specific to region)

Question 14

2 Access types to AWS

Answer 14

1. Programmatic

2. AWS Management Console Access

Question 15

Programmatic access

Answer 15

Enables an access key ID and secret access key for the AWS API, CLI, SDK and other development tools.

Question 16

AWS Management Console access

Answer 16

Enables a password that allows users to sign-in to the AWS Management console

Question 17

Roles

Answer 17

way for one AWS service to use another AWS service

Question 18

What are the permissions of new users when first created?

Answer 18

none

Question 19

What are assigned to new users when first created?

Answer 19

access key id and secret access keys

Question 20

Access key id and secret access keys are used to access?

Answer 20

AWS via the APIs and Command Line

Question 21

What happens if you lose your access key id and secret access keys?

Answer 21

Regenerate

Question 22

Always setup ? on your root account so that it will be secured

Answer 22

MFA

Question 23

IAM allows you to ? for password protection

Answer 23

Create and customise your own password rotation policies

Question 24

IAM consists of the following:

Answer 24

1. Users
2. Groups
3. Roles
4. Policies

Question 25

What is IAM

Answer 25

Identity Access Management - allows you to manage users and their level of access to the AWS console

Question 26

IAM - USERS

Answer 26

end users such as people, employees of an org

Question 27

IAM - GROUP

Answer 27

collection of users; each user in the group will inherit the permissions of the group

Question 28

IAM - POLICIES

Answer 28

made up document called policy documents in JSON format and they give permissions as to what a user/group/role is able to do

Question 29

IAM - ROLES

Answer 29

roles are assigned to AWS resources so that they can communicate with each other

Question 30

Power User

Answer 30

Provides full access to AWS services and resources, but does not allow management of Users and groups.

Question 31

SAML

Answer 31

Security Assertion Markup Language

Question 32

SAML gives your federated users?

Answer 32

SSO access to the Management Console

Question 33

Amazon recommends that you leave all security groups in web facing subnets open on port 22 to 0.0.0.0/0 CIDR (Classless Inter-Domain Routing) - TRUE OR FALSE

Answer 33

False

Question 34

VPC spans

Answer 34

all the AZ in the Region

Question 35

Each subnet must

Answer 35

reside in one AZ and cannot span AZs