Security

Question 1

What is Salting?

Answer 1

Appending or prepending a random value to a piece of data before hashing it.

Question 2

What are rainbow table attacks?

Answer 2

They use pregenerated hashes of commonly used passwords.

Question 3

What kind of KMS keys do AWS integrated services use?

Answer 3

symmetric keys. You don’t have access to the key.

Question 4

Can you automatically rotate secrets in Secrets Manager?

Answer 4

Yes

Question 5

Can secrets in Secrets Manager be replicated?

Answer 5

Yes from region to region. Good for BC / DR

Question 6

Can AWS WAF be added to an NLB?

Answer 6

No. Only and ALB

Question 7

What is the most secure and scalable way to expose a service to 1000s of VPCs

Answer 7

AWS Private Link

Question 8

What are the requirements for Private Link?

Answer 8

A network load balancer (service VPC) and ENI (Customer VPC)

Question 9

How do you bypass TTL in CloudFront?

Answer 9

CloudFront Invalidation

Question 10

CloudWatchMetrics belong to?

Answer 10

NameSpaces

Question 11

What is a CloudWatch Dimension?

Answer 11

An attribute of a metric

Question 12

Can you send cloudwatch logs to Kinesis Data streams / firehose?

Answer 12

Yes. You can also filter them using a metric filter. This will allow you to send the metrics to third parties.

Question 13

Where do you query CloudWatch Logs natively?

Answer 13

CloudWatch Logs Insight

Question 14

What is a CloudWatch Logs Subscription?

Answer 14

It allows you to get a real-time stream of log events for processing and analysis.

Question 15

How could you aggregate cloudwatch logs from multiple accounts?

Answer 15

Have them all send to a single kinesis data stream. You can filter them using a subscription filter. Kinesis data firehose would store the result in S3

Question 16

What does CloudTrail insights do?

Answer 16

It detects unusual activity in your account. Service limits, IAM action bursts, etc..

Question 17

How long are events in Cloudtrail stored by default?

Answer 17

90 days

Question 18

What is CloudTrail lake?

Answer 18

It is a managed data lake for cloudTrail events. Events are converted to ORC format.

Question 19

How do you Query CloudTrail Lake?

Answer 19

Using SQL and you can visualize events in the dashboard.

Question 20

How are custom AWS Config rules created?

Answer 20

AWS Lambda

Question 21

Can you automate remediation of AWS Config violations?

Answer 21

Yes, using SSM Documents.

Question 22

What is SageMaker?

Answer 22

It is a fully managed service to build ML models.

Question 23

What is the SageMaker feature store?

Answer 23

It allows you to import your data and organize it.

Question 24

What Modes does SageMaker Feature Store support?

Answer 24

Streaming or Batch (S3, Athena, Etc..).

Question 25

What does SageMaker ML Lineage Tracking do?

Answer 25

It keeps a running history of your models for tracking and audit compliance.

Question 26

What is SageMaker Data Wrangler?

Answer 26

It is a built-in ETL pipeline for SageMaker. Tailored for ML projects.

Question 27

What is AWS CLoud9

Answer 27

It is a cloud-based integrated development environment, IDE. Works from your browser.

Question 28

What is the AWS Cloud Development Kit CDK?

Answer 28

It allows you to define your cloud infrastructure using a familiar language. .NEt , JavaScript, etc..

Question 29

What should you use if you want an alarm sent when costs exceed the budget allocated?

Answer 29

You would use AWS Budgets

Question 30

Can API Gateway connect to Kinesis Data Streams?

Answer 30

Yes

Question 31

What are the three API Gateway endpoints

Answer 31

Edge-Optimized

Regional - All in the same region.

Private - VPC access only

Question 32

Does API Gateway support cognito?

Answer 32

Yes

Question 33

In SQS, does the visibility timeout remove the message from the queue?

Answer 33

No

Question 34

Should you ever use Data Wrangler with PII

Answer 34

NO. Use Glue instead

Question 35

Can Redshift UNLOAD data to S3 Glacier Instant Retrieval?

Answer 35

No

Question 36

Can you use IAM database authentication with MS SQL

Answer 36

No.

Question 37

What does a high iterator age mean in Kinesis?

Answer 37

That the last record in the stream is aging which means data is not processed fast enough.

Question 38

How many lambda functions are executed per shard in Kinesis?

Answer 38

one per shard

Question 39

What does the parallelization factor do in Kinesis

Answer 39

a feature that allows you to process one shard of a Kinesis or DynamoDB data stream with more than one Lambda invocation simultaneously.