The best tool to identify excess access keys and passwords that have NOT been rotated recently is:
- CloudTrail
- Trusted Advisor
- Amazon Inspector
- Access Advisor
- Credential Report (Ans)
Which of the following AWS Directory Service offerings does not support transferring FSMO roles:
- AD Redirector
- AD Connector
- LDAP
- Simple AD (Ans)
- Enterprise AD
Which of the following is NOT part of Amazon’s responsibility?
- Availability Zones
- Edge locations
- Regions
- Network Security (Ans)
Which of the following is NOT an MFA option for IAM users?
- Google Authenticator
- Biometric (Ans)
- Hardware token (FOB)
- SMS (text)
- Windows Authenticator
Which of the following CANNOT have a role assigned to it?
- Federated User
- EC2 instance
- Web Service
- IAM Group (Ans)
- IAM User
Which of the following is NOT a type of policy?
- Inline Policy
- AWS Managed Policy
- Customer Managed Policy
- System Managed Policy (Ans)
The common parameters passed to AWS to grant federated access, regardless of which API is used, include all of the following except:
- Role name
- Duration for which the credentials are valid
- SAML Token (Ans)
Which of the following is NOT a reason to use multiple AWS accounts?
- Control access to different workloads by different administrators
- Reduce the potential damage after a security breach
- Control network security (Ans)
- Store auditing and backup data for safe keeping and restricted access
Which of the following is much more difficult when multiple accounts are used?
- Visibility of what money is spent on across accounts
- Maximum volume discounts (they are determined per account)
- Security consistency across accounts (Ans)
CloudTrail can save auditing information to:
- An S3 bucket per account
- An S3 bucket per region
- An S3 bucket for all accounts owned (Ans)
Which of the following identity sources is NOT supported with AWS?
- Twitter (Ans)
- Amazon
Which of the following uses a Rules Package to determine what gets reported?
- Amazon Inspector
- Access Advisor
- CloudTrail
- Trusted Advisor
- Credential Report (Ans)
IAM Groups should be used to group:
- IAM Users (Ans)
- IAM Roles
- IAM Policies
IAM roles can be used for which of the following?
- Both of these (Ans)
- Neither of these
- Providing applications on EC2 servers access to AWS resources
- Identity Federation
Which of the following is NOT a VPC prerequisite when using AWS Directory Services?
- Two subnets in two availability zones
- Default hardware tenancy
- Two subnets in two regions (Ans)
When an object is deleted, which of the following policy type(s) is/are also deleted with it?
- Customer Managed
- AWS Managed
- None of these – policies must always be deleted separately from objects using them.
- Inline (Ans)
- All of these – all policies are automatically deleted.
The root user account looks like which of the following?
- A user name
- An account number
- A domain user name
- An email address (Ans)
You can require that Multi-Factor Authentication (MFA) be used with roles.
- Yes (Ans)
- No
To configure access across accounts for users, which of the following actions should be used?
- Create a duplicate user account in each AWS account for the administrator to use.
- Federate users and authenticate to a third party or on-premises directory.
- Create a role in each other AWS account, assign the correct permissions for that account, and allow the appropriate IAM users access to it. (Ans)
- Put IAM users from each of the accounts in the IAM group(s) in the accounts to which they need access.
The root account should be used for which of the following?
- Day-to-day administration
- Creating IAM users
- Initial setup and billing (Ans)
IAM users, groups, and roles cost how much per month?
- Pennies per thousand objects
- Nothing, they are free. (Ans)
- Pennies per hundred objects
- Pennies per ten thousand objects