UDEMY

Question 1

IAM Credentials Report

Answer 1

All users and status of users (account level)

Question 2

IAM access advisor

Answer 2

At user level: shows permissions granted and where last accessed.

Question 3

How can you connect to and ECS instance

Answer 3

SSH
EC2
instance Connect

Question 4

What are the three placement Groups for Ec2

Answer 4

Spread-across multiple az (limit 7)
Cluster-same hardware same az
Partition: spreaad at least two AZx but can have more than one instance on az

Question 5

Root Volumes upon termination?

Answer 5

Delete on termination unless otherwise specified.

Question 6

Sticky sessions

Answer 6

ELB Sticky Session feature ensures traffic for the same client is always redirected to the same target (e.g., EC2 instance). This helps that the client does not lose his session data.

Question 7

What does “X Forward for Header modified” added to the back end of a load balancer mean?

Answer 7

To obtain the client’s IP Address

Question 8

Network LB

Answer 8

high performance low latecy

Question 9

T/F Application load balancers support TCP

Answer 9

False Http, https and web socket

Question 10

How can ALBs route traffice?

Answer 10

ALBs can route traffic to different Target Groups based on URL Path, Hostname, HTTP Headers, and Query Strings.

Question 11

ALBs are good for

Answer 11

containers

Question 12

S3 Key are made up of

Answer 12

a made up of prefix and object name.

Question 13

What does S3 Requester pays mean?

Answer 13

requester pays instead of the bucket owner. requester must be authenticated in AWS

Question 14

Purpose of an SNS or sqs or lamda resource access policy

Answer 14

attaches from S3 in replace of IAM policies (or all of these and can work with Event Bridge)

Question 15

s3 Select

Answer 15

400% faster to perform SQL queries

Question 16

S3 SSE Encryption

Answer 16

Owned and managed server side by ASWs. AES256
enabled by default for new buckets and objects

Question 17

S3 SSE KMS

Answer 17

User control and audit in Cloud Trail
Server Side Encryption

Question 18

S3 SSE-C Encryption

Answer 18

Server Side fully managed by AWS, but not stored by AWs. provides HTP Headers for every HTTP request made

Question 19

S3 Client Side Encryption

Answer 19

Clients encrypt before sent to S3 outside of AWS

Question 20

CORS (cross origin resource Sharing)

Answer 20

web browser based mechanism to allow requests while visiting other origins. CORS headers must be enabled. web browser security allows images from one s3 bucket originating from another request.

Question 21

S3 Access Points

Answer 21

“Access Policy” that defines what data the users can access based on the policy. (accesspoints had a DNS name internet or VPC)

can also be used for “Object Lamda”:

Question 22

difference btwn cloudfront and Cross region replicaiton

Answer 22

Cloudfront: DCN utilizes cacheing
CRR: replicates buckets in regions

Question 23

cloudfront pricing

Answer 23

cost varies on edge locations
by Terabytes (more data transferred lower cost)
three price classes:
1. all (most expensive)
2. 200: most regions
3. Least expensive regions

Question 24

Cloudfront invalidation

Answer 24

Force cache on ttl

Question 25

Global accelerator

Answer 25

uses Anycast IP
leverages AWS internal network to access edge networks