IAM, AWS CLI, EC2 Fundamentals

Question 1

What is the terminal command to list all iam users?

Answer 1

aws iam list-users

Question 2

What policy should be enabled to see the list of iam users in aws console?

Answer 2

IAMReadOnlyAccess

Question 3

How does the ec2 instance grant permission to allow for viewing list of iam users in the terminal?

Answer 3

The IAM role linked to the ec2 instance has a policy of IAMReadOnlyAccess

Question 4

What happens if the IAMReadOnlyAccess policy is not enabled on the role attached to the ec2 instance?

Answer 4

The command to view all users will fail

Question 5

What is the proper definition of an IAM Role?

Answer 5

An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Question 6

Which of the following is an IAM Security tool?
a) IAM Credentials Report
b) IAM Root Account Manager
c) IAM Services Report
d) IAM Security Advisor

Answer 6

IAM Credentials Report

IAM Credentials report lists all your AWS Account’s IAM Users and the status of their various credentials.

Question 7

Which answer is INCORRECT regarding IAM users?
a) IAM Users can belong to multiple User Groups
b) IAM users don’t have to belong to a user group
c) IAM policies can be attached directly to IAM users
d) IAM users access AWS services using root account credentials,

Answer 7

d)

IAM Users access AWS services using their own credentials (username & password or Access Keys).

Question 8

Which of the following is an IAM best practice?
a) create several, IAM users for one physical person
b) don’t use the root user account
c) share your AWS account credentials with your colleagues, so she, or he can perform a task for you
d) don’t enable MFA for easier access

Answer 8

b)
Use the root account only to create your first IAM User and a few account/service management tasks. For everyday tasks, use an IAM User.

Question 9

What are IAM Policies?
a) set up policies that defines how AWS accounts interact with each other
b) JSON documents that define a set up permissions for making requests to AWS services and can be used by IAM users user groups and IAM roles
c) set of policies that defines the password for IAM users
d) A set of policies is defined by AWS that show how customers interact with AWS

Answer 9

b)

Question 10

Which principle should you apply regarding IAM Permissions?

Answer 10

Grant least privilege

Don’t give more permissions than the user needs.

Question 11

What should you do to increase your root account security?

Answer 11

Enable MFA

When you enable MFA, this adds another layer of security. Even if your password is stolen, lost, or hacked your account is not compromised.

Question 12

IAM User Groups can contain IAM Users and other User Groups. True or False?

Answer 12

False

IAM User Groups can contain only IAM Users.

Question 13

An IAM policy consists of one or more statements. A statement in an IAM Policy does not consists which of the following,

a) Effect

b) Principal

c) Version

d) Action

e) Resource

Answer 13

c) Version

A statement in an IAM Policy consists of Sid, Effect, Principal, Action, Resource, and Condition. Version is part of the IAM Policy itself, not the statement.

Question 14

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

Answer 14

Spot Instances are good for short workloads and this is the cheapest EC2 Purchasing Option. But, they are less reliable because you can lose your EC2 instance.

Question 15

What should you use to control traffic in and out of EC2 instances?

Answer 15

Security Groups

Security Groups operate at the EC2 instance level and can control traffic.

Question 16

How long can you reserve an EC2 Reserved Instance?

Answer 16

1 or 3 years

EC2 Reserved Instances can be reserved for 1 or 3 years only.

Question 17

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

a) Storage Optimized

b) Compute Optimized

c) Memory Optimized

d) General Purpose

Answer 17

b)

Compute Optimized EC2 instances are great for compute-intensive workloads requiring high-performance processors (e.g., batch processing, media transcoding, high-performance computing, scientific modeling & machine learning, and dedicated gaming servers).

Question 18

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?

a) Reserved Instances

b) Spot Instances

c) On-Demand Instances

Answer 18

a)

Reserved Instances are good for long workloads. You can reserve EC2 instances for 1 or 3 years.

Question 19

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?

a) Connect to each EC2 instance using SSH then install the required software and update your OS packages manually

b) write a bash script that installs the required Software and updates to your OS then contact AWS support and provide them with the script. They will then run it on your EC2 instance at launch.

c) write a bash script that installs the required software and updates to your OS then use the script in EC2 User Data when your launch EC2 instances

Answer 19

c)

EC2 User Data is used to bootstrap your EC2 instances using a bash script. This script can contain commands such as installing software/packages, download files from the Internet, or anything you want.

Question 20

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?

a) Storage Optimized

b) Compute Optimized

c) Memory Optimized

d) General Purpose

Answer 20

c)

Memory Optimized EC2 instances are great for workloads requiring large data sets in memory.

Question 21

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?

a) Storage Optimized

b) Compute Optimized

c) Memory Optimized

d) General Purpose

Answer 21

a)

Storage Optimized EC2 instances are great for workloads requiring high, sequential read/write access to large data sets on local storage.

Question 22

Security Groups can be attached to only one EC2 instance. True or False ?

Answer 22

Security Groups can be attached to multiple EC2 instances within the same AWS Region/VPC.

Question 23

You’re planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?

a) Convertible Reserved Instances

b) Dedicated Hosts

c) Spot Instances

Answer 23

b)

Dedicated Hosts are good for companies with strong compliance needs or for software that have complicated licensing models. This is the most expensive EC2 Purchasing Option available.

Question 24

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?

a) Spot Instances

b) On-Demand

c) Dedicated Hosts

d) Reserved Instances

Answer 24

c)