guru Flashcards
Which of the following is NOT a feature of IAM?
Integrates with existing Active Directory accounts, allowing single sign-on
Centralised control of your AWS account
Fine-grained access control to AWS resources
Allows you to set up biometric authentication, so that no passwords are required
Allows you to set up biometric authentication, so that no passwords are required
The AWS sign-in endpoint for SAML is https://signin.aws.amazon.com/saml.
True or False?
True
What is the name of the API call used to request temporary security credentials from the AWS platform when federating with Active Directory?
AssumeRoleWithSAML
CovertRoleToSAML
GetSAMLRole
ShowMeTheSAML
AssumeRoleWithSAML
When using Active Directory to authenticate to AWS, which of the following answers contains the correct steps, in the correct order?
Federating with Active Directory is not possible with AWS.
1) The user navigates to the ADFS web server. 2) The user enters their single sign-on credentials. 3) The user’s web browser receives a SAML assertion from the AD server. 4) The user’s browser then posts the SAML assertion to the AWS sign-in endpoint for SAML and the AssumeRoleWithSAML API request is used to request temporary security credentials. 5) The user is then able to access the AWS Console.
The user navigates to the AWS console. The user enters their Active Directory single sign-on credentials into AWS. The user’s web browser receives a SAML assertion from AWS. The user is then able to access the AWS Console.
1) The user navigates to the ADFS web server. 2) The user enters their single sign-on credentials. 3) The user’s web browser receives a SAML assertion from the AD server. 4) The user’s browser then posts the SAML assertion to the AWS sign-in endpoint for SAML and the GiveUserSAMLAccess API request is used to request temporary security credentials. 5) The user is then able to access the AWS Console.
1) The user navigates to the ADFS web server. 2) The user enters their single sign-on credentials. 3) The user’s web browser receives a SAML assertion from the AD server. 4) The user’s browser then posts the SAML assertion to the AWS sign-in endpoint for SAML and the AssumeRoleWithSAML API request is used to request temporary security credentials. 5) The user is then able to access the AWS Console.
AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).
True or False?
False
What is the name of the service that allows users to use their social media account to gain temporary access to the AWS platform?
Facebook Sign In Service
Web Confederation Services
Web Identity Federation
Active Directory Authentication Services
Web Identity Federation
When using Web Identity Federation to allow a user to access an AWS service (such as an S3 bucket), which of the following is the correct order of steps?
A user logs in to the AWS platform using their Facebook credentials. AWS authenticates with Facebook to check the credentials. Temporary security access is granted to AWS.
A user makes the AssumeRoleWithWebIdentity API call. The user is then redirected to Facebook to authenticate. Once authenticated, the user is given an ID token. The user is then granted temporary access to the AWS platform.
Users cannot use Facebook credentials to access the AWS platform.
A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.
A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.
When authenticating using Web Identity Federation, which of the following is the API call used to obtain temporary security credentials?
GetRoleWithWebIdentity
GetRole
AssumeRoleWithWebIdentity
AssumeRole
AssumeRoleWithWebIdentity
Which statement best describes IAM?
IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.
IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.
IAM allows you to manage permissions for AWS resources only.
IAM allows you to manage users’ passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.
IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.
SAML stands for Security Assertion Markup Language.
True or False?
True
You have an EC2 instance that needs to know both its private IP address and its public IP address. To do this, the application needs to ________.
Run IPCONFIG (Windows) or IFCONFIG (Linux)
Use the following command: “AWS EC2 displayIP”
Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/
Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
Which of the following languages is NOT supported by the AWS SDK?
Perl
Node.js
C++
Python
Ruby
Perl
Which of the following best describes Amazon ECS?
The Elastic Container Service is a serverless system to manage running many Docker containers in a flexible and cost-effective way.
The Elastic Container Scheduler is a serverless system to manage running many Docker containers in a flexible and cost-effective way.
The Elastic Container Scheduler is a service that manages running Docker containers on a group of your EC2 instances.
The Elastic Container Service is a service that manages running Docker containers on a group of your EC2 instances.
The Elastic Container Scheduler is software that you can run and manage to orchestrate many running Docker containers.
The Elastic Container Service is software that you can run and manage to orchestrate many running Docker containers.
The Elastic Container Service is a service that manages running Docker containers on a group of your EC2 instances.
Which AWS service below is chargeable?
Elastic Beanstalk
Auto Scaling
Elastic Load Balancers
CloudFormation
Elastic Load Balancers
In order to enable encryption at rest using EC2 and Elastic Block Store, you must ________.
Mount the EBS volume into S3 and then encrypt the bucket using a bucket policy.
Configure encryption when creating the EBS volume
Configure encryption using X.509 certificates
Configure encryption using the appropriate operating system’s file system
Configure encryption when creating the EBS volume
The default region for an SDK is “US-EAST-1”.
True or False?
True
An HTTP 200 code means ________.
There has been a server side error
The request has failed
There has been a client side error.
The request was successful
The request was successful
An HTTP 3xx code means ________.
There has been a server side error
There has been a client side error
There has been a redirection
The request was successful
There has been a redirection
To accommodate the hosting of multiple sites, you can have multiple SSL certificates on an Elastic Load Balancer.
True or False?
False
To retrieve instance Metadata or Userdata, you will need to use which of the following IP addresses?
http://192.168.0.254
http://169.254.169.254
http://10.0.0.1
http://127.0.0.1
http://169.254.169.254
A HTTP 4XX code means ________.
The request was successful.
There has been a client side error.
There has been a server side error.
There has been a redirection.
There has been a client side error.
A HTTP 5XX code means ________.
The request was a success
There has been a server side error
There has been a client side error
There has been a redirection
There has been a server side error
If you encrypt a bucket on S3, what type of encryption does AWS use?
Advanced Encryption Standard (AES) 128
International Data Encryption Algorithm (IDEA).
Advanced Encryption Standard (AES) 256
Data Encryption Standard (DES)
Advanced Encryption Standard (AES) 256
S3 provides unlimited storage.
True or False?
True
What is the HTTP code you would see once you successfully place a file in an S3 bucket?
404
200
524
312
200
You are using S3 in AP-Northeast to host a static website in a bucket called “acloudguru”. What would the new URL endpoint be?
https://s3-ap-northeast-1.amazonaws.com/acloudguru/
http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
http://www.acloudguru.s3-website-ap-northeast-1.amazonaws.com
http://acloudguru.s3-website-ap-southeast-1.amazonaws.com
http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
What is the largest size file you can transfer to S3 using a PUT operation?
5TB
100MB
1GB
5GB
5GB
If you want to enable a user to download your private data directly from S3, you can insert a pre-signed URL into a web page before giving it to your user.
True or false?
True
What is the maximum file size that can be stored on S3?
1TB
4TB
2TB
5TB
5TB
The minimum file size allowed on S3 is 1 byte.
True or False?
False
In terms of performance, a scan is more efficient than a query.
True or False?
False
What is the API call to retrieve multiple items from a DynamoDB table?
BatchGet
GetItems
BatchGetItem
BatchGetItems
BatchGetItem
You have an application that needs to read 25 items of 13kb in size per second. Your application uses strongly consistent reads. What should you set the read throughput to?
10
25
50
100
100
DynamoDB is a NoSQL database provided by AWS.
True or False?
True
What does the error “ProvisionedThroughputExceededException” mean in DynamoDB?
The DynamoDB table is unavailable.
The DynamoDB table has exceeded the allocated space.
You exceeded your maximum allowed provisioned throughput for a table or for one or more global secondary indexes.
There is no such error message. The correct error message would be “ProvisionedThroughputFailureException”.
You exceeded your maximum allowed provisioned throughput for a table or for one or more global secondary indexes.
You have a motion sensor which writes 600 items of data every minute. Each item consists of 5kb. What should you set the write throughput to?
10
20
50
40
50
In terms of performance, a scan is more efficient than a query.
True or False?
False
Using the AWS portal, you are trying to scale DynamoDB past its preconfigured maximums. Which service can you increase by raising a ticket to AWS support?
Global Secondary Indexes
Local Secondary Indexes
Provisioned throughput limits
Item Sizes
Provisioned throughput limits
You have an EC2 instance that needs to know both its private IP address and its public IP address. To do this, the application needs to ________.
Run IPCONFIG (Windows) or IFCONFIG (Linux)
Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/
Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
Use the following command: “AWS EC2 displayIP”
Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
An HTTP 200 code means ________.
There has been a server side error
The request has failed
There has been a client side error.
The request was successful
The request was successful
The default region for an SDK is “US-EAST-1”.
True or False?
True
When you first create an S3 bucket, this bucket is publicly accessible by default.
True or False?
False
You are hosting a static website in an S3 bucket that uses JavaScript to reference assets in another S3 bucket. For some reason, these assets are not displaying when users browse to the site. What could be the problem?
You haven’t enabled Cross Origin Resource Sharing (CORS) on the bucket where the assets are stored.
You cannot use one S3 bucket to reference another S3 bucket.
Amazon S3 does not support JavaScript.
You need to open port 80 on the appropriate security group in which the S3 bucket is located.
You haven’t enabled Cross Origin Resource Sharing (CORS) on the bucket where the assets are stored.
You have an application that needs to read 25 items of 13kb in size per second. Your application uses eventually consistent reads. What should you set the read throughput to?
50
10
25
100
50
SQS Quiz
Your EC2 instances download jobs from an SQS queue. However, they are taking too long to process the messages. What API call can you use to extend the length of time to process the jobs?
AlterMessageTime
SetMessageVisibility
ChangeMessageVisibility
ExtendMessageTime
ChangeMessageVisibility
What is the maximum visibility of an SQS message in a queue?
12 hours
1 day
1 hour
14 days
12 hours
What is the maximum long poll time out?
1 hour
20 seconds
50 seconds
5 minutes
20 seconds
You run a video-hosting website with two types of members: premium, fee-paying members; and free members. Each video that is uploaded is processed by a fleet of EC2 instances, which poll an SQS queue as videos are uploaded. However, you need to ensure that the videos uploaded by your premium, fee-paying members have a higher priority than those of your free members. How might you work with SQS to ensure priority treatment of the premium members’ videos?
Create two SQS queues — one for premium members, and one for free members. Program your EC2 fleet to poll the premium queue first and, if empty, to then poll your free members SQS queue.
SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos.
SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members.
Create two SQS queues — one for premium members, and one for free members. Program your EC2 fleet to poll the premium queue first and, if empty, to then poll your free members SQS queue.
SQS was the first service on the AWS platform.
True or False?
True
How large can an SQS message be?
128KB
512KB
64KB
256KB
256KB
An SQS message can be delivered multiple times.
True or False?
True
What is the default visibility timeout for a message in an SQS queue?
1 minute
1 year
15 minutes
30 seconds
30 seconds
What is the maximum retention period for an SQS message?
12 hours
1 day
14 days
1 hour
14 days
Which Amazon service can you use in conjunction with SQS to “fan out” SQS messages to multiple queues?
ElastiCache
SWF
SES
SNS
SNS
You have a fleet of EC2 instances that are constantly polling empty SQS queues, burning CPU cycles and costing your company money. What should you do?
Enable SQS Short Polling.
Delete the entire EC2 fleet so that they no longer poll the queue.
Enable SQS Long Polling.
Consider using ElastiCache to cache the messages, rather than SQS.
Enable SQS Long Polling.
You are designing a new application that processes payments and delivers promotional emails to customers. You need to ensure that the payment process takes priority over the creation and delivery of emails. How might you use SQS to achieve this?
Use 1 SQS queue for the platform. Use the HighPriority API call to ensure that all payment SQS messages take priority over the promotional email messages.
Use 1 SQS queue for the platform. Use the SetPriority API call to ensure that all payment SQS messages take priority over the promotional email messages.
Use 2 SQS queues for the platform. Have the EC2 fleet poll the promotional emails SQS queue first. If this queue is empty, then poll the payment emails queue.
Use 2 SQS queues for the platform. Have the EC2 fleet poll the payment SQS queue first. If this queue is empty, then poll the promotional emails queue.
Use 2 SQS queues for the platform. Have the EC2 fleet poll the payment SQS queue first. If this queue is empty, then poll the promotional emails queue.