Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

We spend hours on Instagram and YouTube and waste money on coffee and fast food, but won’t spend 30 minutes a day learning skills to boost our careers.
Master in DevOps, SRE, DevSecOps & MLOps!

Learn from Guru Rajesh Kumar and double your salary in just one year.


Get Started Now!

AWS

AWS Interview Questions and Answer Part – 31

January 18, 2020 comments off

What is the definition of a managed policy?

  • Custom policy controlled by the customer
  • Deployed by the customer
  • Created and maintained by AWS (Ans)
  • Policies applied to users and groups

What’s one difference between a network access control lists and a security group?

  • Security groups can span availability zones.
  • Security groups control subnet access, and network access control lists control instance access.
  • Security groups control instance access; network access control lists manage subnet access. (Ans)
  • Security groups are stateless; network access control lists are stateful.

How can Windows instances take advantage of paravirtualization services at AWS?

  • There is PV support for network and storage drivers. (Ans)
  • Select compute optimized instances when deploying Windows.
  • Upgrade Windows instances to Windows Server 2016 Datacenter.
  • Windows instances cannot take advantage of her paravirtualization.

How are Amazon EC2 key pairs used for Windows authentication?

  • Decryption of the user logon credentials
  • Decryption of the administrator password (Ans)
  • Encryption and decryption of logon information zip file
  • Decryption of the administrators secret key

What is the purpose of the AWS security token service with regard to federated users?

  • Security credentials are provided when requested by end-users.
  • Federated users are provided with temporary security credentials. (Ans)
  • Security credentials are provided for access to AWS resources.
  • To integrate AWS Active Directory services with customers corporate Active Directory services.

How can AWS customers confirm that identity and access management security controls are verifiable?

  • Reviewing the ISO 27001 audit
  • Reviewing the SOC-2 audit
  • Reviewing the SOC-3 audit (Ans)
  • Reviewing current IAM settings

IAM policy defines what key component?

  • Compliance and integrity
  • Integrity and encryption
  • Authorization and compliance
  • Authentication and authorization (Ans)

What IAM policy choices control root account authentication?

  • IAM group policy
  • IAM policies in general
  • Multifactor authentication (Ans)
  • IAM username policy

Which of these statements best describes AWS Lambda?

  • Datastream analysis
  • Workflow orchestration for multiple tasks
  • Serverless technology for running functions (Ans)

Which of these tools can assist with designing an environment stop/start process?

  • EC2 instances
  • Service dependency map (Ans)
  • API credentials

Which of these most accurately describes the AWS CLI?

  • Compiled executables written in C# that enable end users to access the AWS service API endpoints
  • A unified single command that interfaces between the end user and the various AWS service API endpoints (Ans)
  • Downloadable java libraries that can be run as executables to access the AWS service API endpoints

Which of these is a true statement when copying an object into an S3 bucket that is owned by another account?

  • Object ownership follows the account performing the copy or upload. (Ans)
  • Object ownership is irrelevant.
  • Object ACLs are more important than object ownership.
  • Object ownership follows the bucket.

Which of these credential locations will be tested first when using the AWS CLI?

  • Instance profile credentials
  • Config file
  • Environment variables (Ans)
  • Credentials file

Which service is used to directly generate instance profile credentials, which are visible via EC2 instance metadata?

  • EC2
  • EBS
  • KMS
  • STS (Ans)

Which command line option helps restrict the amount of output when using the CLI?

  • region
  • dry-run
  • filter (Ans)
  • output

Which of these tasks can be easily performed using the AWS Console?

  • Bulk ACL creation
  • Bucket creation (Ans)
  • Intra-bucket copies

What is the meaning of the statement “The service API is a contract with the customer”?

  • The API can only be changed if all customers agree first.
  • The API can only be added to or extended, not changed or reduced in functionality. (Ans)
  • The API is never changed after initial service release.

What are the steps involved in deleting an AMI?

  • Terminate AMI, delete snapshots
  • Delete AMI
  • Deregister AMI, delete snapshots (Ans)

What is the most appropriate AWS feature for sorting EC2 instances?

  • EC2 instance type
  • Subnet
  • Metadata tags (Ans)
  • Security groups

MFA should be used for:

  • Priviledged users
  • Every IAM user
  • The root account
  • Priviledged users and the root account (Ans)
  • Every IAM group
DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.