General Knowledge defined on AWS(6-10)

Question 1

What is AWS shared responsibility model?

Answer 1

The customer is responsible for security in the cloud. AWS is responsible for the security of the cloud.

Question 2

What is AWS Identity and Access Management (IAM)?

Answer 2

AWS Identity and Access Management (IAM)(opens in a new tab) enables you to manage access to AWS services and resources securely.

Question 3

What are some features of AWS Identity and Access Management (IAM)?

Answer 3

Create IAM users , groups ( can assign to users once policies are applied ), and roles ( temporary permissions that can be taken on by external or internal entities)
Create IAM policies(written in JSON they define privileges for API calls and can be attached to users, groups, and roles)
Enable Multi-factor authentication.

Question 4

What are some good practices for IAM in AWS?

Answer 4

Security principle of least privilege when granting permission, Create individual IAM users for each person who needs to access AWS and IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.

Question 5

What is AWS Organizations used for?

Answer 5

You can use AWS Organizations(opens in a new tab) to consolidate and manage multiple AWS accounts within a central location.

Question 6

How do you control permissions through AWS Organizations?

Answer 6

In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs)(opens in a new tab). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.(SCPs cannot be applied to individual Users, Groups and Policies)

Question 7

What is an Organizational unit in AWS Organizations?

Answer 7

In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

Question 8

What is AWS Artifact?

Answer 8

AWS Artifact(opens in a new tab) is a service that provides on-demand access to AWS security and compliance reports and select online agreements.

Question 9

What are some places to go in AWS to ensure compliance?

Answer 9

The Customer Compliance Center and AWS Artifact

Question 10

Which tasks can you complete in AWS Artifact?

Answer 10

Access AWS compliance reports on-demand and
Review, accept, and manage agreements with AWS.

Question 11

What is a Denial-of-service attack?

Answer 11

A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.

Question 12

What is AWS Shield?

Answer 12

AWS Shield is a service that protects applications against DDoS attacks. AWS Shield provides two levels of protection: Standard and Advanced.

Question 13

What is AWS Key Management Service (AWS KMS)?

Answer 13

AWS Key Management Service (AWS KMS)(opens in a new tab) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Question 14

What is AWS WAF?

Answer 14

AWS WAF(opens in a new tab) is a web application firewall that lets you monitor network requests that come into your web applications. AWS WAF works together with Amazon CloudFront and an Application Load Balancer. Recall the network access control lists that you learned about in an earlier module. AWS WAF works in a similar way to block or allow traffic. However, it does this by using a web access control list (ACL)(opens in a new tab) to protect your AWS resources.

Question 15

What does Amazon Inspector do?

Answer 15

Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments. It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.

Question 16

What is Amazon GuardDuty?

Answer 16

Amazon GuardDuty(opens in a new tab) is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

Question 17

What is Amazon CloudWatch?

Answer 17

Amazon CloudWatch(opens in a new tab) is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

Question 18

What are CloudWatch alarms?

Answer 18

With CloudWatch, you can create alarms(opens in a new tab) that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

Question 19

What is CloudWatch dashboard?

Answer 19

The CloudWatch dashboard(opens in a new tab) feature enables you to access all the metrics for your resources from a single location.

Question 20

What is AWS CloudTrail?

Answer 20

AWS CloudTrail(opens in a new tab) records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more. You can think of CloudTrail as a “trail” of breadcrumbs (or a log of actions) that someone has left behind them.

Question 21

What is CloudTrail Insights?

Answer 21

Within CloudTrail, you can also enable CloudTrail Insights(opens in a new tab). This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.

Question 22

What is AWS Trusted Advisor?

Answer 22

AWS Trusted Advisor(opens in a new tab) is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

Question 23

What are the 5 pillars of AWS Trusted Advisor?

Answer 23

cost optimization, performance, security, fault tolerance, and service limits. For the checks in each category, Trusted Advisor offers a list of recommended actions and additional resources to learn more about AWS best practices. (There are 3 categorical outputs in each pillar The green check indicates the number of items for which it detected no problems. The orange triangle represents the number of recommended investigations. The red circle represents the number of recommended actions.)

Question 24

What is AWS Pricing Calculator?

Answer 24

The AWS Pricing Calculator(opens in a new tab) lets you explore AWS services and create an estimate for the cost of your use cases on AWS.

Question 25

Where do you go to pay AWS Bills?

Answer 25

Use the AWS Billing & Cost Management dashboard(opens in a new tab) to pay your AWS bill, monitor your usage, and analyze and control your costs.

Question 26

What is Consolidated billing?

Answer 26

The consolidated billing feature of AWS Organizations enables you to receive a single bill for all AWS accounts in your organization. By consolidating, you can easily track the combined costs of all the linked accounts in your organization. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed.(You can share savings plans as well across accounts)

Question 27

What is AWS Budgets?

Answer 27

In AWS Budgets(opens in a new tab), you can create budgets to plan your service usage, service costs, and instance reservations.

Question 28

What is AWS Cost Explorer?

Answer 28

AWS Cost Explorer(opens in a new tab) is a tool that lets you visualize, understand, and manage your AWS costs and usage over time.(You can use tags to track costs and get an in-depth look)

Question 29

What are the AWS Support Plans?

Answer 29

Basic
Developer
Business
Enterprise On-Ramp
Enterprise

Question 30

What is a Technical Account Manager (TAM)?

Answer 30

The Enterprise On-Ramp and Enterprise Support plans include access to a Technical Account Manager (TAM). TAMs provide expert engineering guidance, help you design solutions that efficiently integrate AWS services, assist with cost-effective and resilient architectures, and provide direct access to AWS programs and a broad community of experts.

Question 31

What does AWS Marketplace provide?

Answer 31

AWS Marketplace(opens in a new tab) is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Question 32

What is AWS Cloud Adoption Framework (AWS CAF)?

Answer 32

The AWS Cloud Adoption Framework (AWS CAF)(opens in a new tab) organizes guidance into six areas of focus, called Perspectives

Question 33

What are the 6 categories of AWS CAF

Answer 33

Business Perspective, People Perspective, Governance Perspective, Platform Perspective, Security Perspective and Operations Perspective

Question 34

What are the 6 strategies for migration?

Answer 34

Rehosting(no effort just moving to AWS)
Replatforming(minimal effort like moving MySQL DB to RDS MySQL DB)
Refactoring/re-architecting(Big effort restructuring)
Repurchasing
Retaining( just keep the application for a little while longer than retireing)
Retiring( not moving application at all to AWS since it is absolete)

Question 35

What are the SNOW categories for Data Migrations?

Answer 35

AWS SnowCone, AWS SnowBall and AWS SnowMobile (Goes from smallest to largest data needs all are physical equipment delivered to you for migrations).

Question 36

Which service enables you to quickly build, train, and deploy machine learning models?

Answer 36

Amazon SageMaker

Question 37

What are Well-Architected Framework is based on six pillars?

Answer 37

Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability