AWS Interview Questions and Answers Part – 35

CloudTrail delivers logs to which of the following?

  • S3 buckets and Redshift instances
  • S3 buckets and EC2 instances
  • S3 buckets and CloudWatch Logs groups (Ans)
  • S3 buckets and RDS instances

In a policy, a resource is:

  • A role
  • An AWS object (Ans)
  • A network object
  • An IAM object

Policies are written in:

  • JSON (Ans)
  • SOAPjr
  • HTML
  • XML

Rolling back a policy to a previous version is accomplished by which of the following methods?

  • Setting the default version of the policy (Ans)
  • Deleting the later version of a policy to get to the desired version
  • Selecting the rollback action under policies

The best tool to identify excess permissions and inactive accounts is:

  • Amazon Inspector
  • Credential Report
  • CloudTrail
  • Access Advisor (Ans)
  • Trusted Advisor

Roles can be used with federated users from all of the following except:

  • Google
  • Active Directory
  • Salesforce.com (Ans)
  • Facebook

Roles can be delegated to IAM users only if:

  • A trust has been established between the role creator and the user creator
  • A trust has been established to another AWS account (Ans)
  • They are federated with Active Directory users

Auditing answers all of the following questions except which one?

  • Who
  • How (Ans)
  • What
  • Where
  • When

Customer Managed policies are best for which of the following situations?

  • Those who need granularity and control over specific privileges (Ans)
  • Those wanting a simple policy experience
  • Those who are new to AWS policies

Which of the following policy types is deleted when the associated object is deleted?

  • AWS Managed Policies
  • Customer Managed Policies
  • System Managed Policies
  • Inline Policies (Ans)

When multiple statements exist in a single policy or multiple policies are applied to a single object, the policies are:

  • ORed (Ans)
  • Ignored as only one statement per policy or policy per object is allowed
  • ANDed
  • XORed

To revert to a previous version of a policy, you select which option?

  • Revert to policy
  • Set as active policy
  • Set as default (Ans)

IAM Roles can be assumed by:

  • Applications
  • IAM Users (Ans)
  • IAM Groups

IAM roles can be assumed by users in other accounts.

  • False
  • True (Ans)

The least expensive way to store CloudTrail data for long periods of time is:

  • Archiving all data to Glacier
  • S3 Reduced Redundancy Storage
  • S3 Lifecycle policies in conjunction with Glacier (Ans)
  • S3 Infrequent Access

Which type of policies are used with roles to provide access to AWS resources?

  • Trust and Permission (Ans)
  • Account and Permission
  • Account and Access
  • Trust and Access

The best tool to identify potential compliance violations is:

  • Trusted Advisor
  • CloudTrail
  • Credential Report
  • Access Advisor
  • Amazon Inspector (Ans)

Auditing can be used to look for cost savings.

  • False
  • True (Ans)

IAM policies contain all of the following components except:

  • Resource
  • Effect
  • Action
  • Condition
  • Result (Ans)

If versioning of policies and the ability to revert to a previous version are required, select the _ policy type.

  • Inline
  • Customer Managed (Ans)
  • Version-enabled
  • AWS Managed

CloudTrail is enabled on a _ basis.

  • Object
  • Region (Ans)
  • Availability Zone

When policies are evaluated, the precedence in permissions is:

  • Least Restrictive
  • Explicit Deny, Explicit Allow, Implicit Deny (Ans)
  • Explicit Allow, Explicit Deny, Implicit Deny
  • Most Restrictive

CloudTrail data can be encrypted.

  • False
  • True (Ans)

IAM roles can be assigned to EC2 servers to provide access to AWS resources for applications running on that server.

  • False
  • True (Ans)

CloudTrail audits which of these?

  • API Access
  • Neither of these
  • Both of these (Ans)
  • Console Access

Managed policies exist as stand-alone objects that can be associated with multiple IAM objects.

  • False
  • True (Ans)

The AWS security best practice for applications requiring access to AWS resources is to:

  • Embed Access Keys and Secret keys within those applications
  • Prompt the user for an IAM user name and password when access is needed
  • Assign roles to applications
  • Assign roles to EC2 servers running those applications (Ans)