Must Knows!

Question 1

Which service should you use if you need a scalable, fast, and flexible non-relational database service?

Answer 1

Amazon DynamoDB

Question 2

What is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?

Answer 2

Amazon DynamoDB

Question 3

What is a data warehousing service that is specifically designed for online analytic processing (OLAP) and business intelligence (BI) applications which require complex queries against large datasets?

Answer 3

Amazon Redshift

Question 4

Which database is used primarily as a relational database?

Answer 4

Amazon RDS

Question 5

Which database is commonly used as scalable object storage and not as a nonrelational database?

Answer 5

Amazon S3

Question 6

What is zone security?

Answer 6

Customer-specific control based on the AWS Shared Responsibility Model

Question 7

What can you use to connect your on-premises data center and your cloud architecture in AWS?

Answer 7

Virtual Private Gateway and Amazon Route 53

Question 8

What is a highly available and scalable cloud Domain Name System (DNS) web svc?

Answer 8

Amazon Route 53

Question 9

What enables EC2 instances in private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating a connection with those instances?

Answer 9

NAT Gateway

Question 10

What is VPC Peering? What can you VPC Peer with?

Answer 10

Networking connection between two VPCs; can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

Question 11

What are six advantages of using Cloud Computing?

Answer 11

1. Trade capital expense for variable expense
2. Benefit from massive economies of scale
3. Stop guessing capacity
4. Increase speed and agility
5. Stop spending money running and maintaining data centers
6. Go global in minutes

Question 12

In the VPC dashboard of your AWS Management Console, which of the following services or features below can you manage?

Answer 12

All of the components of your VPCs (Subnets, Internet Gateways, NAT Gateways, Elastic IPs and many more)

Control the security of your VPC by configuring the Network ACLs and Security Groups

Question 13

How can you apply and easily manage the common access permissions to a large number of IAM users in AWS?

Answer 13

Attach policies/permissions to new IAM Group; then, add the IAM Users to the IAM Group

Question 14

Which of the following services in AWS could you use to deploy a web application to servers running on-premises?

Answer 14

OpsWorks & CodeDeploy

Question 15

What are patterns of cloud architecture for mission-critical application in AWS which must be highly available?

Answer 15

Use multiple Availability Zones to ensure that the application can handle the failure of any single component.

Question 16

What can improve the security of your Identity and Access Management (IAM) users?

Answer 16

1. Rotate credentials regularly
2. Configure a strong password policy for your users
3. Enable MFA

Question 17

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

Answer 17

Application Load Balancer

Question 18

Which type of Elastic Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies, as well as sudden and volatile traffic patterns?

Answer 18

Network Load Balancer

Question 19

What is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS?

Answer 19

Amazon Macie

Question 20

What service is primarily used for governance, compliance, operational auditing, and risk auditing of your AWS account?

Answer 20

AWS CloudTrail

Question 21

What service is just a virtual private server (VPS) solution and is not used for Amazon EC2 Scaling. This service provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud?

Answer 21

Amazon LightSail

Question 22

How does AWS lessen the time to provision your IT resources?

Answer 22

It provides various ways to programmatically provision IT resources

Question 23

What is capable of inspecting your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps?

Answer 23

AWS Trusted Advisor

Question 24

What is a is capable of inspecting your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps?

Answer 24

AWS Cost Explorer

Question 25

What gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount?

Answer 25

AWS Budgets

Question 26

What is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS?

Answer 26

AWS Inspector

Question 27

What categories does Trusted Advisor check?

Answer 27

Cost optimization, security, fault tolerance, performance, and service limits

Question 28

Which Cost Management Tool allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources?

Answer 28

AWS Cost and Usage Report

Question 29

What provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources?

Answer 29

AWS Systems Manager

Question 30

What additional features do Business or Enterprise support plans have?

Answer 30

Use-case guidance, AWS Trusted Advisor, API for interacting w/ support center and trusted advisors, and 3rd party software support

Question 31

What is an audit service that records all API calls made to your AWS account?

Answer 31

CloudTrail

Question 32

What is an automated security assessment service for EC2 instance (virtual OS)?

Answer 32

Amazon Inspector Service

Question 33

Opportunity to replace upfront _____ with ___ variable costs is a key financial benefit of migrating systems from on-prem to AWS

Answer 33

CAPEX & low

Question 34

In the Shared Responsibility Model, what are shared control between AWS and the customer?

Answer 34

Controls which apply to both the infra and customer layer, including Patch mgmgt, config mgmt, and awareness & training

Question 35

Which service provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services?

Answer 35

AWS CloudTrail

Question 36

What is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources?

Answer 36

AWS Config

Question 37

What should you use to retrieve compliance-related docs, such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports?

Answer 37

AWS Artifacts

Question 38

What has 99.99999999999% reliability and durability?

Answer 38

S3

Question 39

What service makes it easy to set up, operate, and scale a relational database in the cloud by providing cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups?

Answer 39

Amazon RDS

Question 40

What can you use to launch a new Amazon RDS database cluster to your VPC?

Answer 40

AWS CloudFormation
AWS CLI
AWS Management Console

Question 41

What is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates?

Answer 41

AWS CodePipeline

Question 42

Who is a senior customer service agent who is assigned to your account when you subscribe to an Enterprise or qualified Reseller Support plan?

Answer 42

AWS Concierge

Question 43

What can a developer use to interact with your AWS services?

Answer 43

AWS Management Console
AWS SDKs
AWS CLI

Question 44

Which service should you use if there is a need to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost?

Answer 44

Amazon EC2 instance w/ an EBS volume

Question 45

What is the recommended storage option when you run a database on an instance?

Answer 45

Amazon EBS

Question 46

Who helps customers of all sizes design, architect, migrate, or build new applications on AWS?

Answer 46

APN Consulting Partners

Question 47

Who provides software solutions that are either hosted on, or integrated with, the AWS platform?`

Answer 47

APN Technology Partners

Question 48

What service allows you to set coverage targets and receive alerts when your utilization drops below the threshold you define?

Answer 48

AWS Budgets

Question 49

What allows you to monitor your estimated AWS charges, this service still does not allow you to set coverage targets and receive alerts when your utilization drops below the threshold you define?

Answer 49

Amazon CloudWatch Billing Alarm

the latter is AWS Budget

Question 50

What is a highly available and scalable cloud Domain Name System (DNS) web service in AWS?

Answer 50

Amazon Route 53

Question 51

What is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other?

Answer 51

Amazon Route 53

Question 52

What is a service that makes it easier for you to add powerful visual analysis to your applications that enables you to search, verify, and organize millions of images?

Answer 52

Rekognition

Question 53

What is a core Windows service that provides the foundation for many enterprise-class Microsoft-based solutions, including Microsoft SharePoint, Microsoft Exchange, and .NET applications?

Answer 53

Active Directory Domain Service

Question 54

What is an easy-to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan?

Answer 54

Lightsail

Question 55

What are the benefits of Edge location?

Answer 55

1. Improves application performance by delivering content closer to your users
2. Provides caching which reduces the load on your origin servers

Question 56

Which services are regarded as regional services in AWS?

Answer 56

AWS Batch

Amazon EFS

Question 57

What EC2 instance purchasing option provides 75% discount?

Answer 57

Standard Reserved Instance

Question 58

What EC2 instance purchasing option provides 54% discount?

Answer 58

Convertible Reserved Instance

Question 59

Which service should a customer use if there is a requirement to launch a new database in AWS where the customer assumes the responsibility and management of the guest operating system, including updates and security patches?

Answer 59

Amazon EC2

Question 60

Be happy

Answer 60

Be happy

Question 61

What is a fully-managed document database service that supports MongoDB workloads?

Answer 61

Amazon DocumentDB

Question 62

Which AWS service should you use if you need to launch a highly scalable MySQL database?

Answer 62

Amazon Aurora

Question 63

What is a fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups?

Answer 63

Amazon Aurora

Question 64

What service makes it easy for you to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud.?

Answer 64

Amazon ElastiCache

Question 65

What is the most cost-effective AWS Support Plan to use if you need access to AWS Support API for programmatic case management?

Answer 65

Business

Question 66

*Which AWS services should you use to store rapidly changing data with low read and write latencies?

Answer 66

Amazon EBS & Amazon RDS

Question 67

What can Amazon CloudWatch Logs can accomplish?

Answer 67

1. Adjust the retention policy for each log group

2. Monitor application logs from Amazon EC2 Instances

Question 68

Which combination of AWS services should you use to serve the files with lowest possible latency?

Answer 68

CloudFront & Amazon S3

Question 69

What is a caching feature for DynamoDB?

Answer 69

Amazon DynamoDB Accelerator (DAX)

Question 70

What is your one-stop-shop for accessing the most granular data about your AWS costs and usage, which also allows you to load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice?

Answer 70

Cost and Usage Report

Question 71

What can you do with Cost and Usage Report?

Answer 71

1. Access comprehensive AWS cost and usage information
2. Track your Amazon EC2 Reserved Instance (RI) usage
3. Leverage strategic data integrations

Question 72

A company is planning to adopt a hybrid cloud architecture with AWS. Which of the following can they use to assist them in estimating their costs?

Answer 72

AWS Total Cost of Ownership (TCO) Calculator

To estimate a bill, use the AWS Pricing Calculator.

Question 73

What service can forecast your costs based on your previous usage?

Answer 73

AWS Cost Explorer

Question 74

What service provides the lowest-cost storage option for retaining database backups which also allows occasional data retrieval in minutes?

Answer 74

Amazon Glacier

Question 75

What is an object storage service that offers industry-leading scalability, data availability, security, and performance?

Answer 75

Amazon S3

Question 76

What service should you use to host a new Microsoft SQL Server database in AWS for an urgent project?

Answer 76

Amazon RDS & EC2

Question 77

Which IAM identity is associated with the access keys that are used in managing your cloud resources via the AWS Command Line Interface (AWS CLI)?

Answer 77

IAM User

Question 78

What are the benefits of Amazon RDS, ElastiCache, and CloudSearch?

Answer 78

They are all managed, i.e. easy to set up, operate, and scale a relational database in the cloud; provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often involves updates to the DB instance’s underlying hardware, underlying operating system (OS), or database engine version.

Question 79

What are the policy options for Route 53?

Answer 79

Simple routing policy, weighted routing policy, latency routing policy (redirect user based on user to minimize latency), failover routing policy

Question 80

What is an AWS CDN (content delivery network) service?

Answer 80

AWS CloudFront

Question 81

What service improves read performance and user experience by caching content at the edge?

Answer 81

AWS CloudFront

Question 82

What can CloudFront cache from?

Answer 82

S3 bucket & Custom Origin (Http)

Customer origin includes:
App Load Balancer, EC2 instance, S3 website, and any http backend

Question 83

Global edge network

Answer 83

CloudFront

Question 84

What is CloudFront good for?

Answer 84

Static content that must be available everywhere

Question 85

What should you use to replicate entire S3 bucket into another region?

Answer 85

S3 Cross Region Replication

Question 86

What is great for content that needs to be available at low latency in few regions? How does it work?

Answer 86

S3 Cross Region Replication

File is transferred to an AWS edge location, which will then forward the data to the S3 bucket in the target region to increase transfer speed

Question 87

What improves global application availability and (60%) performance using AWS global internal network?

Answer 87

AWS global accelerator

Question 88

What are the similarities between AWS Global Accelerator and CloudFront?

Answer 88

Both use AWS global network and edge locations, and integrate with AWS Shield for DDoS protection

Question 89

What are the differences between AWS Global Accelerator and CloudFront?

Answer 89

CloudFront uses caching (of images & videos & dynamic content - API & dynamic content) and content is served at the edge

Global Accelerator does not use caching; they are proxying packets at the edge to applications running in 1/1+ AWS regions

AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions. Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services integrate with AWS Shield for DDoS protection.

Question 90

What 8 svcs are AWS customers welcomed to carry out security assessments or pen test against without prior approval?

Answer 90

• Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
• Amazon RDS
• Amazon CloudFront
• Amazon Aurora
• Amazon API Gateways
• AWS Lambda and Lambda Edge functions
• Amazon Lightsail resources
• Amazon Elastic Beanstalk environments

Question 91

What is AWS encryption service for data both at rest and in transit?

Answer 91

AWS Key Management Service (KMS)

Question 92

What cloud optimized database supports SQL and automatically grows in increments of 10 GB up to 64 GB?

Answer 92

Aurora

Question 93

Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you?

Answer 93

AWS Personal Health Dashboard

Question 94

What service provides access to current status and historical data about each and every Amazon Web Service?

Answer 94

AWS Service Health Dashboard

Question 95

Which are AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components?

Answer 95

Serverless computing: AWS Lambda, Lambda@Edge, and AWS Fargate

API Proxy: Amazon API Gateway services

Question 96

A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?

Answer 96

AWS Enterprise Support

Question 97

What is the only support plan to have specific SLA for “business-critical system down”? What is it?

Answer 97

Enterprise and <15 mins

Question 98

A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?

Answer 98

AWS X-ray

Question 99

Which AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption?

Answer 99

Cost Explorer

Question 100

What allows you to estimate your AWS bill by manually entering your planned resources by service. It does not forecast future costs and usage of your AWS resources based on your past consumption, unlike the AWS Cost Explorer.?

Answer 100

AWS Pricing Calculator

Question 101

What lists your AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes?

Answer 101

AWS Cost and Usage report

Question 102

What is a fully managed service that uses machine learning to deliver highly accurate forecasts of any time-series data, such as retail demand, manufacturing demand, travel demand, revenue, IT capacity, logistics, and web traffic.?

Answer 102

Amazon Forecast

Redshift is columnar OLAP not transaction

Question 103

What is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. It also allows you to establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections?

Answer 103

AWS Direct Connect

Question 104

What is the difference between VPN Connection/AWS VPN CloudHub and Direct Connect?

Answer 104

VPN is an internet-based connection unlike Direct Connect, which is a dedicated connection

Question 105

What services allows you to easily migrate petabyte-scale data to AWS?

Answer 105

AWS Snowball

Question 106

What is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet? AND serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses?

Answer 106

Internet gateway

Question 107

What is a service meant for creating, publishing, maintaining, monitoring, and securing APIs?

Answer 107

API Gateway

Question 108

What should you use to enable instances in a private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating connections with the instances?

Answer 108

NAT Gateways and NAT Instances

Question 109

What are the benefits of Amazon Relational Database Service?

Answer 109

Makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Question 110

What is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools?

Answer 110

Amazon Redshift

Question 111

Which should you use to automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class?

Answer 111

Lifecycle policy

Question 112

What service helps you migrate databases to AWS quickly and securely, which keeping the source database remains fully operational during the migration, minimizing downtime to applications that rely on the database?

Answer 112

The AWS Database Migration Service. It can migrate your data to and from most widely used commercial and open-source databases, and supports both homogeneous & heterogeneous migration

Question 113

What services will help you create a highly available and scalable web app in the cloud?

Answer 113

AWS ELB and Amazon EC2 Auto Scaling.

Question 114

What is a fully managed application streaming service which you can use to centrally manage your desktop applications?

Answer 114

Amazon AppStream 2.0

Question 115

What do you need to launch an EBS-backed EC2 instance?

Answer 115

EBS Root volume, VPC and subnet specification, and Security Group

Question 116

What service should you use to ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications?

Answer 116

Amazon Kinesis

Question 117

What service enables you to process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin?

Answer 117

Amazon Kinesis

Question 118

Be happy

Answer 118

Be happy

Question 119

What is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals?

Answer 119

Amazon Data Pipeline

Question 120

What is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers? And, also routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request by operating at the individual request level (layer 7)?

Answer 120

Application Load Balancer

Question 121

Which of the following allows you to create and deploy infrastructure-as-code templates in AWS?

Answer 121

CloudFormation

Question 122

What is a service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly in AWS?

Answer 122

Amazon SageMaker

Question 123

What is cloudsearch?

Answer 123

It is primarily used to set up, manage, and scale a search solution for your website or application in AWS.

Question 124

What lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define?

Answer 124

Amazon VPC

Question 125

Which is a fully-managed source control service that allows you to host Git-based repositories and enable code collaboration for your team via pull requests, branching, and merging?

Answer 125

AWS CodeCommit

Question 126

What unified UI enables you to quickly develop, build, and deploy applications on AWS? Where can you edit?

Answer 126

AWS CodeStar & Cloud9

Question 127

What is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy?

Answer 127

AWS CodeBuild

Question 128

What is primarily used to automate code deployments to any instance, including EC2 instances and instances running on-premises?

Answer 128

AWS CodeDeploy

Question 129

What is a data migration and edge computing device that comes either compute and storage optimized?

Answer 129

AWS Snowball Edge

Question 130

What is primarily used to migrate tens of petabytes to exabytes of data in batches to the cloud?

Answer 130

AWS Snowmobile

Question 131

What is a data transport that is suitable for moving 8 TB of data?

Answer 131

AWS Snowcone

Question 132

What is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency?

Answer 132

Lambda@Edge

Question 133

Who is a part of AWS Enterprise Support which provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts and product teams, and proactively keep your AWS environment operationally healthy?

Answer 133

Technical Account Management

Question 134

What should you use to retrieve the instance ID, public keys, and public IP address of their EC2 instance?

Answer 134

Instance metadata

Question 135

What mainly provides the information required to launch an instance, which is a virtual server in the cloud?

Answer 135

Amazon Machine Image

Question 136

Which service allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available?

Answer 136

Amazon SQS

Question 137

What is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications; and also eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work; and, allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available?

Answer 137

Amazon SQS (Simple Queue Service)

Question 138

What are the characteristics of Amazon EC2 Convertible Reserved Instances?

Answer 138

• Allows the change of instance family, operating system, tenancy, and payment option
• Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value

Question 139

What are the 5 pillars of Well-Architected Reviews?

Answer 139

1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization

Question 140

What is a fully managed database in AWS that can be used to store JSON documents?

Answer 140

Amazon DynamoDb

Question 141

What is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?

Answer 141

Amazon GuardDuty

Question 142

What is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS?

Answer 142

AWS Shield

Question 143

What is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources?

Answer 143

AWS WAF?

Question 144

What is typically used to secure your VPC subnets?

Answer 144

Network ACL (network access control list)

Question 145

What is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets that can be set up with rules similar to your security groups in order to add an additional layer of security to your VPC?

Answer 145

Network ACL (network access control list)

Question 146

What is used to secure your EC2 instances and RDS databases in a similar way with how network ACLs work? Can this be used for subnet security?

Answer 146

Security group

Question 147

What services can you use to test and troubleshoot IAM and resource-based policies?

Answer 147

IAM Policy Simulator

Question 148

What is primarily used if you want to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily?

Answer 148

Amazon Cognito

Question 149

What should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?

Answer 149

Amazon Cognito Identity Pool

Question 150

What is the most secure way to provide applications temporary access to your AWS resources?

Answer 150

IAM role because instead of being uniquely associated with one person (like IAM user), a role is intended to be assumable by anyone who needs it

Question 151

There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?

Answer 151

In S3, once versioning is enabled for your objects, you can also set up MFA delete so that deleting objects require an additional MFA authentication.

Question 152

Which policies grant the necessary permissions required to access your Amazon S3 resources?

Answer 152

User policies & Bucket policies