Technical Essentials - IntroToAWS Flashcards
Which cloud computing advantage is being described:
The cloud computing model is based on paying only for the resources that you use. This is in contrast to on-premises models of investing in data centers and hardware that might not be fully used.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
c) pay-as-you-go
Which cloud computing advantage is being described:
By using cloud computing, you can achieve a lower cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
f) benefit from massive economies of scale
Which cloud computing advantage is being described:
Stop guessing on your infrastructure capacity needs. When you make a capacity decision before deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little capacity as you need, and scale up and down as required with only a few minutes' notice.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
a) stop guessing capacity
Which cloud computing advantage is being described:
IT resources are only a click away, which means that you reduce the time to make resources available to developers from weeks to minutes. This results in a dramatic increase in agility for the organization, because the cost and time it takes to experiment and develop are significantly lower.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
d) increase speed and agility
Which cloud computing advantage is being described:
Companies can focus on projects that differentiate their business and remove the “undifferentiated heavy lifting”, instead of maintaining data centers. With cloud computing, you can focus on your customers, rather than racking, stacking, and powering physical infrastructure.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
e) realize cost savings
Which cloud computing advantage is being described:
Applications can be deployed in multiple Regions around the world with a few clicks. This means that you can provide lower latency and a better experience for your customers at a minimal cost.
a) stop guessing capacity
b) go global in minutes
c) pay-as-you-go
d) increase speed and agility
e) realize cost savings
f) benefit from massive economies of scale
b) go global in minutes
In AWS, the physical infrastructure that makes up the AWS Global Infrastructure is in the form of ____.
Regions and Availability Zones
____ are geographic locations worldwide where AWS hosts its data centers.
Regions
Without explicit customer consent and authorization, data is not replicated from one ____ to another.
Region
What are the four main aspects to consider when choosing a Region to host your applications and workloads?
data compliance
latency
pricing
service availability
If your application is sensitive to ____ (the delay between a request for data and the response), choose a Region that is close to your user base.
latency
Due to the local economy and the physical nature of operating data centers, ____ vary from one Region to another.
prices
T/F: AWS services are available in all Regions.
False
The AWS documentation provides a table that shows the services available in each Region.
Enterprise companies often must comply with regulations that require customer data to be stored in a specific ____ territory.
geographic
Inside every Region is a cluster of ____.
Availability Zones
An Availability Zone consists of ____ data centers with redundant power, networking, and connectivity.
one or more
T/F: Availability Zones have code names. Because they are located inside Regions, they can be addressed by appending a letter to the end of the Region code name, for example us-east-1a or sa-east-1b.
True
Depending on the AWS service that you use, your resources are either deployed at the ____, ____ or ____. Each service is different, so you must understand how the scope of a service might affect your application architecture.
Availability Zone, Region, or Global level
If you are not asked to specify an individual Availability Zone to deploy the service in, this is an indicator that the service operates on a ____ level.
Region-scope
For ____ services, AWS automatically performs actions to increase data durability and availability.
Region-scoped
Some services ask you to specify an Availability Zone. With these services, you are often responsible for increasing the ____ and ____ of these resources.
data durability
high availability
A well-known best practice for cloud architecture is to use ____-scoped managed services to maintain high availability and resiliency.
Region
When Region-scoped services are not available, make sure your workload is replicated across multiple ____.
Availability Zones
At a minimum, you should use ____ Availability Zones. That way, if an Availability Zone fails, your application will have infrastructure up and running in a second Availability Zone to take over the traffic.
two
____ locations are global locations where content is cached.
Edge
Amazon ____ delivers your content through a worldwide network of edge locations.
CloudFront
When a user requests content that is being served with CloudFront, the request is routed to the location that provides the lowest ____.
latency
When you work with the AWS Cloud, managing security and compliance is a shared responsibility between AWS and you. To depict this shared responsibility, AWS created the ____.
shared responsibility model
AWS is responsible for security ____ the cloud. This means that AWS protects and secures the infrastructure that runs the services offered in the AWS Cloud.
of
Identify who is responsible for protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings.
a) AWS
b) customer
a) AWS
Identify who is responsible for managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components.
a) AWS
b) customer
a) AWS
The level of responsibility that AWS has depends on the service. AWS classifies services into two categories.
Identify the category described below:
Compute services, such as Amazon Elastic Compute Cloud (Amazon EC2). AWS manages the underlying infrastructure and foundation services.
a) infrastructure services
b) abstracted services
a) infrastructure services
The level of responsibility that AWS has depends on the service. AWS classifies services into two categories.
Identify the category described below:
Services that require very little management from the customer, such as Amazon Simple Storage Service (Amazon S3). AWS operates the infrastructure layer, operating system, and platforms, in addition to server-side encryption and data protection.
a) infrastructure services
b) abstracted services
b) abstracted services
Customers are responsible for security ____ the cloud. When using any AWS service, the customer is responsible for properly configuring the service and their applications, in addition to ensuring that their data is secure.
in
The level of responsibility that the customer has depends on the service. AWS classifies services into two categories.
Identify the category described below:
Compute services, such as Amazon Elastic Compute Cloud (Amazon EC2). Customers control the operating system and application platform, in addition to encrypting, protecting, and managing customer data.
a) infrastructure services
b) abstracted services
a) infrastructure services
The level of responsibility that the customer has depends on the service. AWS classifies services into two categories.
Identify the category described below:
Services that require very little management from the customer, such as Amazon Simple Storage Service (Amazon S3). Customers are responsible for customer data, encrypting the data, and protecting it through network firewalls and backups.
a) infrastructure services
b) abstracted services
b) abstracted services
A key concept is that customers maintain complete control of their data and are responsible for managing the ____ related to their content.
security
Who is responsible for choosing a Region for AWS resources in accordance with data sovereignty regulations?
a) AWS
b) customer
b) customer
Who is responsible for implementing data-protection mechanisms, such as encryption and scheduled backups?
a) AWS
b) customer
b) customer
Who is responsible for using access control to limit who can access your data and AWS resources?
a) AWS
b) customer
b) customer
The AWS root user has what two sets of credentials associated with it?
email address / password
access key id / secret access key
You need both the access key ID and secret access key to authenticate your requests through the ____ or ____.
AWS CLI
AWS API
Which supported MFA device is described below:
A software app that runs on a phone or other device that provides a one-time passcode. These applications can run on unsecured mobile devices, and because of that, they might not provide the same level of security as hardware or FIDO security keys.
a) Hardware TOTP
b) Virtual MFA
c) FIDO security keys
b) Virtual MFA
Which supported MFA device is described below:
FIDO-certified hardware security keys are provided by third-party providers such as Yubico. You can plug your FIDO security key into a USB port on your computer and enable it using the instructions that follow.
a) Hardware TOTP
b) Virtual MFA
c) FIDO security keys
c) FIDO security keys
Which supported MFA device is described below:
A hardware device, generally a key fob or display card device, that generates a one-time, six-digit numeric code based on the time-based one-time password (TOTP) algorithm.
a) Hardware TOTP
b) Virtual MFA
c) FIDO security keys
a) Hardware TOTP
____ ensures that the user is who they say they are. It answers the question, “Are you who you say you are?”
Authentication
____ is the process of giving users permission to access AWS resources and services. It determines whether a user can perform certain actions, such as read, edit, delete, or create resources. It answers the question, “What actions can you perform?”
Authorization
____ is an AWS service that helps you manage access to your AWS account and resources. It also provides a centralized view of who and what are allowed inside your AWS account (authentication), and who and what have permissions to use and work with your AWS resources (authorization).
AWS Identity and Access Management (IAM)
T/F: IAM is global and not specific to any one Region. You can see and use your IAM configurations from any Region in the AWS Management Console.
True
Which items below are features of IAM:
a) IAM is integrated with all AWS services by default.
b) You can grant other identities permission to administer and use resources in your AWS account without having to share your password and key.
c) Is available only on paid tiers
d) IAM supports MFA. You can add MFA to your account and to individual users for extra security.
e) IAM supports identity federation, which allows users with passwords elsewhere—like your corporate network or internet identity provider—to get temporary access to your AWS account.
b, d, e
a) IAM is integrated with MOST AWS services
c) IAM is available on all tiers at no additional charge
An IAM ____ represents a person or service that interacts with AWS.
user
What two types of access can you provide when you create a user?
access to AWS management console
programmatic access to AWS CLI and AWS API
An IAM ____ is a collection of users. All users in the group inherit the permissions assigned to the group. This makes it possible to give permissions to multiple users at once.
group
T/F: To allow an IAM identity to perform specific actions in AWS, such as implement resources, you must grant the IAM user the necessary permissions.
True
To manage access and provide permissions to AWS services and resources, you create IAM ____ and attach them to an IAM identity.
policies
Identify the IAM policy JSON element described:
This element specifies whether the policy will allow or deny access. In this policy, the Effect is “Allow”, which means you’re providing access to a particular resource.
a) Version
b) Effect
c) Action
d) Resource
b) Effect
Identify the IAM policy JSON element described:
This element specifies the object or objects that the policy statement covers. In the policy example, the resource is the wildcard “*”. This represents all resources inside your AWS console.
a) Version
b) Effect
c) Action
d) Resource
d) Resource
Identify the IAM policy JSON element described:
This element defines the version of the policy language. It specifies the language syntax rules that are needed by AWS to process a policy. To use all the available policy features, include “Version”: “2012-10-17” before the “Statement” element in your policies.
a) Version
b) Effect
c) Action
d) Resource
a) Version
Identify the IAM policy JSON element described:
This element describes the type of action that should be allowed or denied. In the example policy, the action is “*”. This is called a wildcard, and it is used to symbolize every action inside your AWS account.
a) Version
b) Effect
c) Action
d) Resource
c) Action
An IAM ____ is an identity that can be assumed by someone or something who needs temporary access to AWS credentials.
role
IAM ____ do not have any login credentials like a username and password, and the credentials used to sign requests are programmatically acquired, temporary in nature, and automatically rotated.
roles
The important thing to know about roles is that the credentials they provide ____ and roles are assumed ____.
expire
programmatically
You can leverage IAM roles to grant access to existing identities from your enterprise user directory. These are known as ____ users.
federated
AWS assigns a role to a federated user when access is requested through an identity provider. We also have AWS services that can make this process easier such as AWS ____.
IAM Identity Center
The below actions are all examples of doing what?
Don’t share the credentials associated with the root user.
Consider deleting the root user access keys.
Activate MFA on the root account.
Lock down the AWS root user
____ is a standard security principle that advises you to grant only the necessary permissions to do a particular job and nothing more.
Least privilege
To implement least privilege for access control, start with the ____ set of permissions in an IAM policy and then grant additional permissions as necessary for a user, group, or role.
minimum
Which of the following are inappropriate uses for IAM?
a) secure access to your AWS account and resources
b) website authentication and authorization, such as providing users of a website with sign-in and sign-up functionality
c) provides a way to create and manage users, groups, and roles to access resources in a single AWS account
d) support security controls for protecting operating systems and networks
b, d
When you assume a role, IAM dynamically provides temporary credentials that expire after a defined period of time, between 15 minutes and 36 hours.
Users, on the other hand, have long-term credentials in the form of user name and password combinations or a set of access keys.
User access keys only expire when you or the account admin ____.
rotates the keys
User login credentials expire if you applied a ____ to your account that forces users to rotate their passwords.
password policy
T/F: Using an identity provider, such as AWS IAM Identity Center, is considered best practice.
True