CloudFormation Physical resource
What Permissions
options does an AMI have?
a. Public Access, Owner only, Specific AWS Accounts
b. Public Access, Owner only, Specific IAM users
c. Public Access, Owner only, Specific Regions
d. Public Access, Specific AWS Accounts, Specific IAM users
·
a
What is NOT store in
an AMI?
a. boot volume
b. data volumes
c. AMI Permissions
d. Block Device Mapping
e. Instance settings
f. network setting
·
e, f
EC2 is an example of
which service model?
A. PAAS
B. IAAS
C. SAAS
D. DBaaS
E. FaaS
·
B
What is true of an AWS
Public Service?
a. Located in the public internet zone
b. located in the AWS Public zone
c. Located in a VPC
d. Publicly accessible by anyone
e. anyone can connect, but permissions are required to access the service
·
b, e
What is true of an AWS
Private Service
a. Located in the public internet
b. located in the AWS Public zone
c. Located in a VPC
d. accessible from the VPC it is located in
e. accessible from any other VPC
f. accessible from other VPCs or on-premise networks as long as private
networking is configured
·
c, d, f
·
what is true of Simple
Storage Service (S3)
a. S3 is an AWS Public Service
b. S3 is a private service
c. S3 is a web scale block storage system
d. S3 is an object storage system
e. Buckets can store a limit of 100TB of data
f. buckets can store an unlimited amount of data
·
a, d, f
what is a
CloudFormation Logical Resource
a. A resource in a stack which hasn't been created yet
b. a resource defined in a CloudFormation Template
c. a resource created in an AWS Account by CloudFormation
d. a name give to a resrource created with best practice configuration
·
b
What is a
CloudFormation Physical resource
a. a resource defined in a CludFormation template i.e. EC2Instance
b. a physical resource created by creating a CloudFormation stack
c. a product in AWS which is a physical piece of hardware i.e. a router
d. none of the above
·
b
what is a simple and
correct definition of High Availability?
a. a system which maximizes uptime
b. a system which is highly performing
c. a system which can operate through failure
d. a system which has regular backups and restore processes
·
a
which of the following
is a correct definition of a fault tolerant system?
a. a system which uses automation to return a service to operational status
with little user disruption
b. a system which has a 99.999% uptime
c. a system which allows failure, and can continue operating without disruption
d. a system which has regular and reliable system backups and restore processes
·
c
how many DNS root
servers exists?
a. 12
b. 13
c. 7
d. 100
·
b
who manages the DNS
Root Servers
a. IANA
b. 12 Large Organizations
c. IANA Root Server board
d. Google
·
b
who manages the DNS
Root Zone
a. IANA
b. 12 Large Organizations
c. IANA Root Server board
d. MIcrosoft
e. Nobody manages the root zone - its manged via the root hints file
·
a
which DNS Record Type
converts a HOST into an IPv4 Address
a. A
b. AAAA
C. TXT
D. MX
E. CNAME
F. NS
·
A
which DNS Record type
is hos the root zone delegates control of .org to the .org registry
A. A
B. AAAA
C. TXT
D. CNAME
E. MX
F. NS
·
F
Which type of
organization maintains the zones for a TLD (e.g. .ORG)
a. Registrar
b. Registry
c. IANA
d. none of the above
·
b
which type of
organization has relationships with the .org TLD zone manager allowing domain
registration?
a. Registrar
b. Registry
c. IANA
d. none of the above
·
a
how many subnets are
in a default VPC
a. 2
b. 3
c. equal to the number of AZs in the region the VPC is located in
d 10
·
c
what is the IP CIDR of
a default VPC
a. it depends on the region
b. random based on the AWS account
c. you can configure an IP range suitable for your network
d. 172.31.0.0/16
e. 10.0.0.0/16
·
d
is there a limit to
the number of IAM users in an AWS Account? If so, how many?
a. no limit
b. 1000 per region
c. 3000 per account
d. 5000 per account
e. 5000 per region
·
d
which of the following
are features of IAM groups
a. Admin groupings of IAM users
b. can hold identity permissions
c. can be used to login (Access Keys)
d. can be used to login (Username and password)
e. can be nested
·
a, b
what two policies are assigned to an IAM Role
a. permission policy
b. assumption policy
c. resource policy
d. trust policy
·
a, d
which of the following
are true for IAM Roles
a. roles have associated Long Term Credentials (Access Keys)
b. roles can be assumed
c. when assumed - temporary credentials are generated
d. roles can be logged into
e. when an identity logs into a role - temporary credentials are generated
·
b, c
what three features
are provided by AWS Organizations (pick all that apply)
a. consolidated billing
b. managed assistance for company and AWS account mergers
c. AWS Account restrictions using SCP
d. Account organization via OU's
e. Protection against credential leaks
f. Company ID reports
·
a, c, d
what functionality is
provided by CloudTrail
a. log ingestion
b. metrics management
c. account restrictions
d. account wide auditing and API logging
·
d
is it possible to
restrict what the Account Root User can do?
a. always
b. never
c. if AWS Organizations are used
d. if AWS Organizations are used .. but not the management account
·
d
what is Role Switching
a. change the permissions of an IAM role
b. changing the TRUST of a Role
c. changing who can assume a Role
d. Logging into a Role
e. Assuming a role in another AWS account to access that account via the
console UI
·
e
what are valid IAM
Policy Types (choose all that apply)
a. AWS Managed Policy
b. Customer Managed Policy
c. Self-managed Policy
d. Inline Policies
e. External Policies.
·
a, b, d