Pro Flashcards
Exam Pro Tips from A Cloud Guru
IAM is universal
IAM is not region specific, it applies to all regions.
The Root Account
The account created on first setup. It has complete administrative access rights
Access Key ID and Secret Access Keys
1) These are created and assigned when first created. 2) These are not the same as a password; they cannot be used to log in to the console. 3) You use these to access AWS via APIs and the CLI.
Secret Key Viewing
You only get to see the secret keys once; if you lose them, you have to regenerate them.
Multi-Factor Authentication (MFA)
1) Always 2) Always for your Root account 3) Always
Password rotation
Customisable via a password policy rotation.
IAM consists of what?
1) Users 2) Groups 3) Policies 4) Roles
New Users
Have no permissions when first created
Power user access allows?
Access to all AWS services except for management of groups and users within IAM.
What is SSE?
Server Side Encryption (SSE)
- Amazon S3 Managed Keys (SSE-S3)
- KMS (SSE-KMS) (provides audit logs)
- Customer-Provided Keys (SSE-C)
What VPN options does AWS offer?
1) Hardware VPN (IPSec)
2) AWS Direct Connect (purchase a direct connection 1-10Gb personal connection)
3) AWS VPN Cloudhub (dedicated private (up to 10 routers))
4) Software VPN (VPN that terminates on an EC2 instance)
What is AWS Artifact?
It’s an AWS service that allows the end user to download compliance documents and reports usable in auditing processes.
(AWS > Services > Artifact)
What is CloudTrail?
- It’s an AWS service that logs the event history of an AWS account
- It’s on by default
- It can send the logs to an S3 bucket, and after that, to CloudWatch.
- It logs activity from Console Management, SDKs, CLI and other AWS services.
What is CloudWatch?
A big dispersed metrics-gathering service that you cannot opt out of. It covers CPU utilisation, I/O and network throughput. You can create alarms based on statistics. Alarms can send notifications and perform functions.
What is an Elastic Load Balancer?
A network or application layer load balancer that allows you to spread network or application load.
What is the VPC?
Amazon Virtual Private Cloud. 1) Allows you to create virtual networks in the AWS cloud. 2) Allows complete control of network configuration. 3) Offers several layers of security controls. 4) Other AWS services deploy into the VPC. 5) Lives in a specific region. 6) Can span multiple Availability Zones.
What is a VPC subnet?
It is used to separate and divide multiple Amazon VPCs. It allows Amazon VPCs to span multiple Availability Zones (AZs). You can create as many as you want. Fewer is recommended.
What are VPC route tables?
They control traffic going out of a subnet.
What is the role of an IGW?
Allows access to the internet from the VPC.
What is the role of the NACL?
It controls access to subnets. (stateless)
What is a public subnet?
A VPC subnet that can communicate directly with the internet (requires an IGW).
What is a private subnet?
A VPC subnet that cannot communicate directly with the internet.
What is the AWS Security Group?
It is built into AWS. It is essentially a virtual firewall: it controls accessibility, basically filtering traffic to your instances.
What is VTL?
Virtual Tape Library (VTL) is a type of storage gateway available to AWS users.
What is an RI?
This is an Amazon EC2 Reserved Instance; there are 3 types.
What is EFS?
Elastic File System
What is SQS?
It is a web service that gives you access to a message queue that can be used to store messages.
What is OLAP?
Online Analytics Processing
What compliance/regulations can AWS Artifact documents help with?
(PCI, HIPAA, ISO, GDPR, SOX)