Term
|
Definition
Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open
Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the organization wants to improve the application performance. |
|
|
Term
| In Dynamo DB, an item can have more than one attribute, true or false? |
|
Definition
|
|
Term
| A user is enabling logging on a particular bucket. Which of the below mentioned options may be best suitable to allow access to the log bucket? |
|
Definition
| grant the write permission to the Amazon S3 Log Delivery group to write access log objects to the user’s bucket |
|
|
Term
| Amazon SNS mobile push notifications, you first need an app for the mobile endpoints that uses one of the supported push notification services: |
|
Definition
|
|
Term
| What does Provisioned IOPS utilize? |
|
Definition
| optimized EBS volumes and an optimized configuration stack |
|
|
Term
| General Purpose SSD volumes |
|
Definition
| deliver within 10% of their baseline and burst performance 99% |
|
|
Term
|
Definition
| 10% of their provisioned performance 99.9% of the time in a given year |
|
|
Term
| A user has developed an application required to send the data to a NoSQL database. The user wants to decouple the process so that the application keeps processing and sending data, but does not wait for database acknowledgement. Which of the below mentioned applications helps in this scenario? |
|
Definition
| Amazon Simple Queue Service |
|
|
Term
| True or False: AWS CloudFormation allows you to create Microsoft Windows stacks. |
|
Definition
|
|
Term
| What is the best application to get instances running in the cloud from the start? |
|
Definition
| AWS Elastic Beanstalk is best suited for those groups who want to deploy and manage their applications within minutes in the AWS cloud. As a bonus, you don’t even need experience with cloud computing to get started |
|
|
Term
| Do you need to create a file system before mounting an EBS volume? True or False. |
|
Definition
|
|
Term
| What are the two ways a user can map an ELB to DNS? |
|
Definition
| 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53. |
|
|
Term
|
Definition
| contains information about how to route traffic on the Internet for your domain |
|
|
Term
| alias resource record set |
|
Definition
| routes queries for your domain name to your load balancer |
|
|
Term
|
Definition
| enable you to inject information into a running workflow execution |
|
|
Term
|
Definition
| A workflow that is initiated when triggered from a parent task. |
|
|
Term
|
Definition
| allows you to record important history of the execution of SWF flows. |
|
|
Term
| What does SQS allow the user to do? |
|
Definition
| SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available |
|
|
Term
| What kind of endpoints can SNS send messages to? |
|
Definition
| deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS) queues or to any HTTP endpoint. |
|
|
Term
| Which of the following transports can a user select as part of a subscription request? |
|
Definition
| “HTTP”, “HTTPS”,”Email”, “Email-JSON”, “SQS”, “and SMS”. |
|
|
Term
| What does Cloud Formation allow the user to do? |
|
Definition
| AWS CloudFormation allows you to create Microsoft Windows stacks based on Amazon EC2 Windows Amazon Machine Images (AMIs) and provides you with the ability to install software, to use remote desktop to access your stack, and to update and configure your stack. |
|
|
Term
| Does Amazon Beanstalk support multiple run environments? True or False. |
|
Definition
|
|
Term
| What can the owner of a bucket do to make the objects another user publishes public? |
|
Definition
| An S3 object ACL is the only way to manage access to objects which are not owned by the bucket owner. An AWS account that owns the bucket can grant another AWS account permission to upload objects. |
|
|
Term
| Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his own password? |
|
Definition
| Yes, provided Admin has given access to Bob to change his password. |
|
|
Term
| What is the best way to configure an RDS instance to an ELB? |
|
Definition
| Configure the private IP to have access to the ELB. |
|
|
Term
| What are the core components of Dynamo DB? |
|
Definition
"Table", a collection of Items;
"Items", with Keys and one or more Attribute;
"Attribute", with Name and Value. |
|
|
Term
| Queue names characteristics? |
|
Definition
| Queue names are limited to 80 characters. Alphanumeric characters plus hyphens (-) and underscores (_) are allowed. Queue names must be unique within an AWS account. After you delete a queue, you can reuse the queue name. |
|
|
Term
| If you want to give access to 20 users for an AWS account which is the best option? |
|
Definition
| AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the organization can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. |
|
|
Term
| What is the initial status when a user makes changes to the RDS group? |
|
Definition
| When the user makes any changes to the RDS security group the rule status will be authorizing for some time until the changes are applied to all instances that the group is connected with. Once the changes are propagated the rule status will change to authorized. |
|
|
Term
| A user is planning to create a structured database in the cloud. Which of the below mentioned AWS offerings help the user achieve the goal? |
|
Definition
|
|
Term
| What are the states of an S3 bucket? |
|
Definition
| unversioned (the default), versioning-enabled or versioning-suspended. |
|
|
Term
| What happens if a user does not specify a backup window? |
|
Definition
| If the user does not specify a preferred backup window while enabling an automated backup, Amazon RDS assigns a default 30-minute backup window which is selected at random from an 8-hour block of time per region. |
|
|
Term
| An account owner has created an IAM user with the name cloudacademy. The account owner wants to give EC2 access of only the US West region to that IAM user. How can the owner configure this? |
|
Definition
| Create an IAM policy and define region in condition. |
|
|
Term
| Does a secondary index support queries as well as scans? True or False? |
|
Definition
| True. In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. |
|
|
Term
|
Definition
| helps the user identify the port used by the client while sending a request to ELB |
|
|
Term
| What are the different approaches to manage cookies with ELB? |
|
Definition
| The key to manage the sticky session is determining how long the load balancer should route the user's request to the same application instance. If the application has its own session cookie, then the user can set the Elastic Load Balancing to create the session cookie to follow the duration specified by the application's session cookie. If the user’s application does not have its own session cookie, then he can set the Elastic Load Balancing to create a session cookie by specifying his own stickiness duration. |
|
|
Term
| What is the best approach for restricting access to less than 5000 IAM users? |
|
Definition
| Identity federation enables users from an existing directory to access resources within your AWS account, making it easier to manage your users by maintaining their identities in a single place. In this case, the federated user is the only solution since AWS does not allow creating more than 5000 IAM users. |
|
|
Term
| How can you configure an elastic load balancer? |
|
Definition
| You can configure your load balancer in ELB (Elastic Load Balancing) to use a SSL certificate in order to improve your system security.The load balancer uses the certificate to terminate and then decrypt requests before sending them to the back-end instances. Elastic Load Balancing uses AWS Identity and Access Management (IAM) to upload your certificate to your load balancer. |
|
|
Term
| Can you move a different volume to the same EC2 instance in a different AZ? |
|
Definition
| If an EBS volume is not in the same AZ of an EC2 instance, it cannot be attached to the instance. The only option is to take a snapshot of the volume and create a new volume in the instance’s AZ. |
|
|
Term
| What is an Activity Worker? |
|
Definition
| activity worker is a program that receives activity tasks, performs them, and provides results back. Which translates to a piece of software that implements tasks. |
|
|
Term
| How does billing work within AWS? |
|
Definition
| Billing commences when Amazon EC2 initiates the boot sequence of an AMI instance. Billing ends when the instance shuts down, which could occur through a web services command, by running “shutdown -h”, or through instance failure. Pricing is per instance-hour consumed for each instance type. Partial instance-hours consumed are billed as full hours |
|
|
Term
| Amazon Simple Email Service |
|
Definition
| is a highly scalable and cost-effective email-sending service for businesses and developers. It integrates with other AWS services, making it easy to send emails from applications that are hosted on AWS. |
|
|
Term
| What is the one piece of information you do not provide with SWF? |
|
Definition
| Before designing a workflow or any activity, you must register at least one domain |
|
|
Term
| Do workflows have to be in the same domain in order to interact? True or False. |
|
Definition
|
|
Term
|
Definition
| program that receives activity tasks, performs them, and provides results back |
|
|
Term
| What is an activity worker? |
|
Definition
| program that receives activity tasks, performs them, and provides results back |
|
|
Term
|
Definition
| The decider schedules activity tasks, provides input data to the activity workers, processes events that arrive while the workflow is in progress, and ultimately ends (or closes) the workflow when the objective has been completed. |
|
|
Term
| Does AWS reserve the right if none of the following requests have been issued for more than 30 days? |
|
Definition
SendMessage
ReceiveMessage
DeleteMessage
GetQueueAttributes
SetQueueAttributes |
|
|
Term
| Does Dynamo DB have unlimited storage? |
|
Definition
|
|
Term
| What is the maximum key length? |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Allowed characters are letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - =. _ : / @. |
|
|
Term
| Where can a user find the details for an instance termination? |
|
Definition
| description tab under the label State transition reason |
|
|
Term
| What is the only recommendation for a bucket ACL? |
|
Definition
| Amazon S3 Log Delivery group to write access log objects to your bucket. |
|
|
Term
| What are you charged for with Dynamo DB? |
|
Definition
|
|
Term
|
Definition
| configures additional network interfaces that you attach while the instance is running, refreshes secondary IPv4 addresses during DHCP lease renewal, and updates the related routing rules. |
|
|
Term
| Will a user be charged for the volume even if the EBS backed instance has stopped running? |
|
Definition
|
|
Term
| What is a must have for an IAM policy? |
|
Definition
|
|
Term
|
Definition
| element is required and specifies whether the statement results in an allow or an explicit deny |
|
|
Term
|
Definition
| element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. |
|
|
Term
|
Definition
| element specifies the object or objects that the statement covers |
|
|
Term
|
Definition
| lets you specify conditions for when a policy is in effect |
|
|
Term
| Subnets in a VPC have to be associated with exactly one route table? |
|
Definition
|
|
Term
| Reccomended device name for Windows? |
|
Definition
|
|
Term
| If a user wants a site to have a specific domain name instead of his account id they can create an alias. |
|
Definition
| create an alias for his AWS account ID |
|
|
Term
| ec2-modify-image-attribute |
|
Definition
| allows a user to share the AMI with his peers. |
|
|
Term
| SLA for provisioned IOPS 90% |
|
Definition
|
|
Term
| When should elastic IPs be used? |
|
Definition
| Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to the |
|
|
Term
| Device names for root volumes |
|
Definition
| For Paravirtual virtualization type /dev/sda1 is the reserved name and for HVM virtualization /dev/sda1 or /dev/xvda |
|
|
Term
| Both the back and front end protocols for an ELB should be the same |
|
Definition
|
|
