Pro

Question 1

IAM is universal

Answer 1

IAM is not region specific, it applies to all regions.

Question 2

The Root Account

Answer 2

The account created on first setup. It has complete administrative access rights

Question 3

Access Key ID and Secret Access Keys

Answer 3

1) These are created and assigned when first created. 2) These are not the same as a password, they cannot be used to login to the console. 3) You use these to access AWS via APIs and the CLI

Question 4

Secret Key Viewing

Answer 4

You only get to see the secret keys once, if you lose them you have to regenerate them.

Question 5

Multi-Factor Authentication (MFA)

Answer 5

1) Always 2) Always for your Root account 3) Always

Question 6

password rotation

Answer 6

customisable via a password policy rotation.

Question 7

IAM consists of what ?

Answer 7

1) Users 2) Groups 3) Policies 4) Roles

Question 8

New Users

Answer 8

Have no permissions when first created

Question 9

Power user access allows ?

Answer 9

Access to all AWS services except for management of groups and users within IAM.

Question 10

What is SSE ?

Answer 10

Server Side Encryption (SSE) * Amazon S3 Managed keys (SSE-S3) * KMS (SSE-KMS) (provides audit logs) * Customer-Provided Keys (SSE-C)

Question 11

What VPN options does AWS offer?

Answer 11

1) Hardware VPN (IPSec)
2) AWS Direct Connect (purchase a direct connection 1-10Gb personal connection)
3) AWS VPN Cloudhub (dedicated private (up to 10 routers))
4) Software VPN (VPN that terminates on an EC2 instance)

Question 12

What is AWS Artifact ?

Answer 12

It’s an AWS service that allows the end user to download compliance and reports usable in auditing processes.

(AWS > Services > Artifact)

Question 13

What is Cloud trail?

Answer 13

• It’s an AWS service that logs events history of an AWS account
• It’s on by default
• It can send the logs to an S3 bucket, and after that, to CloudWatch.
• It logs activity from Console Management, SDKs, CLI and other AWS services.

Question 14

What is cloud watch?

Answer 14

A big dispersed metrics gathering service, can you cannot opt our. CPU utilisation, I/O, Network throughput. You can create alarms based on statistics. alarms can send notifications and perform functions.

Question 15

What is an Elastic Load Balancer ?

Answer 15

A network or application layer load balancer that allows you to spread network or application load.

Question 16

What is the VPC?

Answer 16

Amazon Virtual Private Cloud. 1) Allow you to created virtual networks in the AWS cloud. 2) Allows complete control network configuration 3) Offers several layers of security controls 4) Other AWS services deploy into VPC. 5) Lives in a specific region 6) Can span multiple Availability Zones

Question 17

What is a VPC subnet ?

Answer 17

It is used to separate and divide multiple Amazon VPCs. It allows amazon VPCs to span multiple Availability Zones. (AZ) You can create as many as you want. Fewer is recommended.

Question 18

What are VPC route tables?

Answer 18

They control traffic going out of a subnet.

Question 19

What is the role of an IGW?

Answer 19

Allows access to the internet from the VPC.

Question 20

What is the role of the NACL?

Answer 20

It controls access to subnets. (stateless)

Question 21

what is a public subnet ?

Answer 21

A VPC subnet can communicate directly with the internet. *requires a IGW)

Question 22

what is a private subnet ?

Answer 22

A VPC subnet that cannot communicate directly with the internet.

Question 23

What is the AWS Security Group?

Answer 23

It is built into AWS. It is essentially a virtual firewall. controls accessibility basically, it filters traffic to your instances

Question 24

What is VTL ?

Answer 24

Virtual Tape Library (VTL) is a type of storage gateway available to AWS users.

Question 25

What is an RI ?

Answer 25

This is an Amazon EC2 Reserved Instance, there are 3 types.

Question 26

What is EFS ?

Answer 26

Elastic File system

Question 27

What is SQS ?

Answer 27

It is web service that you access to a message queue, that can be used to store messages.

Question 28

What is OLAP ?

Answer 28

Online Analytics Processing

Question 29

What compliance /regulations can AWS Artifact documents help with?

Answer 29

(PCI, HIPAAA, ISO, GDPR, SOX )