Exam flashcards 1
What is IAM?
AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS services and resources. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.
What are IAM Policies?
IAM policies are JSON documents that specify permissions for users, groups, and roles. They define what actions are allowed or denied for specific AWS services and resources. Policies are crucial for applying the principle of least privilege.
What is the principle of least privilege?
The principle of least privilege means granting users only the permissions they need to perform their tasks. This minimizes the security risk of unauthorized access or data breaches.
How can you secure the root account?
To secure the root account, enable Multi-Factor Authentication (MFA), limit its use to essential tasks, and avoid using it for everyday operations. Instead, create separate IAM users for daily activities.
What is AWS KMS?
AWS Key Management Service (KMS) is a managed service that allows you to create, control, and manage cryptographic keys used to encrypt your data. It integrates with other AWS services like S3, EBS, and RDS for encryption at rest.
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides two tiers of protection: Shield Standard, which is automatically included at no cost, and Shield Advanced for additional protections.
What is AWS WAF?
AWS Web Application Firewall (WAF) helps protect your web applications by filtering and monitoring HTTP and HTTPS requests. It lets you control access based on conditions such as IP addresses, query string parameters, or specific headers.
What is VPC?
Amazon Virtual Private Cloud (VPC) allows you to define a logically isolated network in AWS. You have full control over IP addressing, subnets, route tables, and gateways, and can create secure connections between your on-premises network and AWS.
What are Security Groups?
Security Groups are virtual firewalls that control the traffic to and from AWS resources like EC2 instances. They allow or deny traffic based on inbound and outbound rules.
What is CloudTrail?
AWS CloudTrail records API calls made on your AWS account, including calls from the AWS Management Console, SDKs, and command-line tools. This enables auditing, monitoring, and troubleshooting of AWS resource usage.
What is the AWS Well-Architected Framework?
The AWS Well-Architected Framework helps you build secure, high-performing, resilient, and efficient infrastructure for your applications. It consists of five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
What are the five pillars of the AWS Well-Architected Framework?
The five pillars are: 1) Operational Excellence, 2) Security, 3) Reliability, 4) Performance Efficiency, and 5) Cost Optimization.
What is the Operational Excellence pillar in the AWS Well-Architected Framework?
Operational Excellence focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
What is the Security pillar in the AWS Well-Architected Framework?
The Security pillar focuses on protecting data, systems, and assets by using strong access control, data protection mechanisms, and security automation.
What is the Reliability pillar in the AWS Well-Architected Framework?
Reliability focuses on ensuring that workloads can recover from infrastructure or service failures, meet availability requirements, and scale as needed.
What is the Performance Efficiency pillar in the AWS Well-Architected Framework?
Performance Efficiency focuses on using IT and computing resources efficiently to meet system requirements, while maintaining scalability.
What is the Cost Optimization pillar in the AWS Well-Architected Framework?
Cost Optimization involves avoiding unnecessary costs while maintaining the required performance, and using resources efficiently.
What is the purpose of Auto Scaling?
Auto Scaling ensures that you have the right amount of compute resources available to handle the load for your application. It automatically adjusts the number of EC2 instances based on traffic or demand.
What is an Elastic Load Balancer?
Elastic Load Balancer (ELB) automatically distributes incoming application traffic across multiple EC2 instances, containers, or IP addresses, ensuring high availability and fault tolerance.
What is an Availability Zone?
An Availability Zone is an isolated data center within an AWS Region, connected to other zones with low-latency links. Using multiple Availability Zones improves fault tolerance and disaster recovery.
What is Route 53?
Amazon Route 53 is a scalable DNS web service designed to route end-user requests to infrastructure in AWS and other domains, and to check the health of resources.
What is an RDS Read Replica?
An RDS Read Replica is a read-only copy of your database that you can use to offload read traffic. It helps improve database performance and is ideal for scaling read-heavy workloads.
What is Multi-AZ in RDS?
Multi-AZ (Availability Zone) in RDS ensures high availability by automatically replicating data to a standby instance in another Availability Zone. In the event of a failure, it automatically switches to the standby instance.
What is the difference between horizontal and vertical scaling?
Horizontal scaling involves adding more instances to distribute the load, while vertical scaling increases the resources of a single instance, such as CPU or memory.
What is S3 Cross-Region Replication?
S3 Cross-Region Replication automatically replicates S3 objects to a different AWS Region. It helps improve performance by keeping data close to users and ensures compliance with regional data storage regulations.
What is an EC2 Auto Scaling Group?
An EC2 Auto Scaling Group maintains a specified number of running EC2 instances, automatically adjusting the capacity based on predefined conditions like CPU utilization.
What is AWS Global Accelerator?
AWS Global Accelerator improves the availability and performance of your applications by directing traffic to the optimal endpoint using the AWS global network, reducing latency.
What are Security Groups?
Security Groups are virtual firewalls that control the traffic to and from AWS resources like EC2 instances. They allow or deny traffic based on inbound and outbound rules.
What is CloudTrail?
AWS CloudTrail records API calls made on your AWS account, including calls from the AWS Management Console, SDKs, and command-line tools. This enables auditing, monitoring, and troubleshooting of AWS resource usage.
What is the AWS Well-Architected Framework?
The AWS Well-Architected Framework helps you build secure, high-performing, resilient, and efficient infrastructure for your applications. It consists of five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
What are the five pillars of the AWS Well-Architected Framework?
The five pillars are: 1) Operational Excellence, 2) Security, 3) Reliability, 4) Performance Efficiency, and 5) Cost Optimization.
What is the Operational Excellence pillar in the AWS Well-Architected Framework?
Operational Excellence focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
What is the Security pillar in the AWS Well-Architected Framework?
The Security pillar focuses on protecting data, systems, and assets by using strong access control, data protection mechanisms, and security automation.
What is the Reliability pillar in the AWS Well-Architected Framework?
Reliability focuses on ensuring that workloads can recover from infrastructure or service failures, meet availability requirements, and scale as needed.
What is the Performance Efficiency pillar in the AWS Well-Architected Framework?
Performance Efficiency focuses on using IT and computing resources efficiently to meet system requirements, while maintaining scalability.
What is the Cost Optimization pillar in the AWS Well-Architected Framework?
Cost Optimization involves avoiding unnecessary costs while maintaining the required performance, and using resources efficiently.
What is the purpose of Auto Scaling?
Auto Scaling ensures that you have the right amount of compute resources available to handle the load for your application. It automatically adjusts the number of EC2 instances based on traffic or demand.
What is an Elastic Load Balancer?
Elastic Load Balancer (ELB) automatically distributes incoming application traffic across multiple EC2 instances, containers, or IP addresses, ensuring high availability and fault tolerance.
What is an Availability Zone?
An Availability Zone is an isolated data center within an AWS Region, connected to other zones with low-latency links. Using multiple Availability Zones improves fault tolerance and disaster recovery.
What is Route 53?
Amazon Route 53 is a scalable DNS web service designed to route end-user requests to infrastructure in AWS and other domains, and to check the health of resources.
What is an RDS Read Replica?
An RDS Read Replica is a read-only copy of your database that you can use to offload read traffic. It helps improve database performance and is ideal for scaling read-heavy workloads.
What is Multi-AZ in RDS?
Multi-AZ (Availability Zone) in RDS ensures high availability by automatically replicating data to a standby instance in another Availability Zone. In the event of a failure, it automatically switches to the standby instance.