AWS Cloud Practitioner

What is an IAM User?

An IAM User is an entity representing a person or service that interacts with AWS.

What is an IAM Role?

Am IAM Role is a set of temporary permissions that can be assumed by users or applications.

What is an IAM Group?

An IAM Group is a collection of IAM users that share the same permissions.

What is a SCP?

A SCP is a document that defines permissions in JSON format.

What is MFA?

MFA is a security feature that requires more than one method of verification for access.

What does “Use Groups” mean?

Use Groups are assigning permissions to multiple users at once for easier management.

What does “Least Privilege” mean?

Granting only the necessary permissions for users to perform their tasks.

What does “Regularly Review” mean?

Conducting audits of IAM configurations to ensure compliance and security.

What does “Strong Passwords” mean?

Enforcing policies that require complex and secure passwords.

What does “Avoid Root Account” mean?

Minimizing the use of the root account for everyday tasks to reduce risk.

Which aspects are important when managing IAM users?

Enforcing strong password policies to enhance account security and regularly auditing user access to ensure compliance and security.

What are some benefits of using IAM roles in AWS? 

IAM roles help reduce the need for embedding credentials in application code and IAM roles provide temporary security credentials that can be used by applications or services.

What is the primary purpose of IAM policies in AWS?

IAM policies define permissions that dictate what actions are allowed or denied on AWS resources.

What is true about IAM Roles?

IAM roles can be assumed temporarily by users or applications to obtain permissions.

Which practice regarding IAM User Management is recommended?

Regularly review IAM configurations to maintain security and compliance.

What is a key feature of Multi-Factor Authentication (MFA) in IAM?

MFA adds an extra layer of security by requiring more than one form of verification.

What is the main advantage of using IAM groups in AWS?

The use of IAM Groups allows for easier management of permissions by applying the same permissions to multiple users at once.

What does the Version element in an IAM policy specify?

The version of the policy language being used in the document.

What is a key characteristic of IAM roles?

Roles provide temporary security credentials that can be assumed by users or applications.

What is the primary purpose of the Effect element in an IAM policy?

An Effect element specifies whether the actions in the policy are allowed or denied.

What is the primary function of IAM groups in AWS?

IAM Groups simplify permission management by allowing the same permissions to be assigned to multiple users at once.

What does the Action element in an IAM policy specify?

The specific AWS actions that are allowed or denied by the policy.

What is the purpose of the Condition element in an IAM policy?

A Condition element specifes conditions under which the policy's permissions apply.

What does the principle of least privilege encourage in AWS IAM?

Granting users only the permissions necessary to perform their specific tasks to minimize security risks.

What is the primary purpose of IAM policies in AWS?

To define permissions that dictate what actions are allowed or denied on AWS resources.

What is the main benefit of using IAM groups in AWS?

Groups allow for easier management of permissions by applying the same permissions to multiple users at once

Which practices enhance security in AWS IAM?

Regularly auditing IAM configurations to ensure compliance, enforcing strong password policies for all users, enabling Multi-Factor Authentication for all IAM users

What are some advantages of IAM Roles?

IAM roles help reduce the risk of credential exposure in applications and can be assumed by applications to obtain temporary permissions

What are the main benefits of using IAM groups in AWS?

IAM groups can contain users from different departments, enabling flexible access control and simplify permission management by allowing bulk assignment of permissions

In AWS IAM, what is the purpose of the Resource element in a policy?

It specifies the Amazon Resource Name (ARN) of the AWS resources the policy applies to.

What is the main purpose of AWS Identity and Access Management (IAM)?

To manage access to AWS resources by defining users, groups, roles, and permissions.

How IAM policies are structured?

IAM policies are written in JSON format and consist of a set of statements that define permissions.

Mention some statements which describe IAM Policies

Policies define permissions in JSON format and can specify actions, resources, and effects and can include conditions that determine when the permissions apply.

What is the primary advantage of using IAM roles for applications running on EC2 instances?

IAM roles provide temporary security credentials without needing to embed sensitive information in application code.

What is true regarding the Operational Excellence pillar?

The Operation Excellence pillar includes automation of changes and process improvement and it emphasizes effective monitoring and incident management

Mention some ideas emphasized in the Reliability pillar of the AWS Well-Architected Framework

Foundations for system resilience and recovery planning to meet demand

What is the primary purpose of the AWS Well-Architected Framework?

The purpose of the AWS Well-Architected Framework is to design and operate secure, high-performing, resilient, and efficient systems in the cloud

In the AWS Well-Architected Framework, which pillar is primarily concerned with protecting data and systems?

Security

What is a key principle emphasized in the Reliability pillar of the AWS Well-Architected Framework?

The Reliability pillar ensures the ability to recover from failures

Which concept is essential for organizations to consider when making architectural decisions in the AWS Well-Architected Framework?

Trade-offs between different pillars

What does the Continuous Improvement concept in the AWS Well-Architected Framework encourage?

Regularly reviewing and enhancing architectural practices

Which concepts are essential within the AWS Well-Architected Framework?

Context Matters highlights the need to adapt the framework to specific business requirements and continuous Improvement encourages ongoing evaluation of architecture.

Which areas are emphasized in the Performance Efficiency pillar of the AWS Well-Architected Framework?

Monitoring performance metrics to optimize resource utilization and efficient use of computing resources.

What is one of the key areas of focus in the Operational Excellence pillar of the AWS Well-Architected Framework?

Automating changes and improving processes

What is a primary goal of the Reliability pillar in the AWS Well-Architected Framework?

To recover from failures and maintain system availability

What does the Cost Optimization pillar primarily aim to achieve?

Avoiding unnecessary costs

Which principles are crucial within the AWS Well-Architected Framework?

Trade-offs involve understanding the impact of decisions across different pillars and best practices are guidelines recommended by AWS for optimal architecture.

Mention some statements of the Cost Optimization pillar of the AWS Well-Architected Framework

It focuses on avoiding unnecessary costs in resource management and encourages organizations to continually assess and adjust their spending patterns.

What does “Trade-offs” mean in the AWS Well-Architected Framework?

Understanding the impact of decisions across different pillars

What does “Continuous Improvement” mean in the AWS Well-Architected Framework?

Regularly reviewing and enhancing architecture

What does “Best Practices” mean in the AWS Well-Architected Framework?

Recommended guidelines by AWS for optimal architecture

What does “Context Matters” mean in the AWS Well-Architected Framework?

Applying the framework to specific business requirements

What is a key component of the Reliability pillar within the AWS Well-Architected Framework?

Recovery Planning

Which concept in the AWS Well-Architected Framework encourages organizations to regularly assess and improve their architecture?

Continuous Improvement

Which pillars of the AWS Well-Architected Framework focus on efficient resource management?

Performance Efficiency and Cost Optimization

What is the primary focus of the Security pillar in the AWS Well-Architected Framework?

Protecting information, systems, and assets

What is a key area of focus in the Operational Excellence pillar?

Automating changes and improving processes

What is the primary benefit of using the AWS Well-Architected Framework for cloud architects?

It provides guidelines for building secure and efficient cloud architectures.

What is a key focus area of the Security pillar in the AWS Well-Architected Framework?

Implementing identity and access management controls.

When considering Performance Efficiency, what should organizations focus on according to the AWS Well-Architected Framework?

Optimizing resource utilization based on workload demands.

What does the Cost Optimization pillar encourage organizations to do?

Regularly assess and adjust spending to avoid unnecessary costs.

Which concepts are integral to the Cost Optimization pillar of the AWS Well-Architected Framework?

Regularly reviewing and adjusting resource usage based on cost metrics and matching supply to demand as a strategy to reduce costs.

What does “Understand your impact” mean in the context of the Sustainability pillar?

“Understand your impact” means measuring the impact of your cloud workload and model the future impact of your workload.

What does “Establish sustainability goals” mean in the context of the Sustainability pillar?

“Establish sustainability goals” means that for each cloud workload, establish long-term sustainability goals such as reducing the compute and storage resources required per transaction

What does “Maximize utilization” mean in the context of the Sustainability pillar?

“Maximize utilization” means the right-size workloads and implement efficient design to verify high utilization and maximize the energy efficiency of the underlying hardware

What does “Anticipate and adopt new, more efficient hardware and software offerings” mean in the context of the Sustainability pillar?

“Anticipate and adopt new, more efficient hardware and software offerings” means supporting the upstream improvements your partners and suppliers make to help you reduce the impact of your cloud workloads

What does “Use managed services” mean in the context of the Sustainability pillar?

“Use managed services” means sharing services across a broad customer base helps maximize resource utilization, which reduces the amount of infrastructure needed to support cloud workloads

What does “Reduce the downstream impact of your cloud workloads” mean in the context of the Sustainability pillar?

“Reduce the downstream impact of your cloud workloads” means reducing the amount of energy or resources required to use your services

What is the EBS?

EBS is the persistent storage that remains available when instances are stopped

What is Instance Store?

Instance store is a temporary storage lost when the instance is stopped or terminated

What is Amazon S3?

Amazon S3 is an object storage with high durability and availability

What is Amazon EFS?

Amazon EFS is a fully managed file storage for use with EC2 instances

What is FSx for Windows?

FSx is a managed Windows file system for shared storage

What is the primary role of Amazon Elastic Load Balancing (ELB) in EC2?

The main role of ELB is to distribute incoming application traffic across multiple EC2 instances for improved availability

Which statement best describes the "Terminate" operation for an EC2 instance?

Teminating an instance means that it permanently deletes the instance and associated resources, and the data on EBS volumes is retained if configured to do so

What is the advantage of using Amazon EC2 Spot Instances?

Users can bid on unused EC2 capacity, often resulting in lower costs compared to On-Demand pricing

What is a key feature of Amazon EC2 Security Groups?

EC2 Security Groups act as virtual firewalls to control inbound and outbound traffic for EC2 instances

What is the purpose of Amazon Machine Images (AMIs) when launching EC2 instances?

AMIs serve as templates that contain an operating system and applications needed to launch instances

Which Amazon EC2 feature allows you to automatically increase or decrease the number of running instances?

Auto Scaling

What is the primary function of Amazon Elastic Block Storage (EBS)?

EBS provides persistent block storage volumes that can be attached to EC2 instances

Mention some characteristics of Amazon EC2

EC2 allows for scalable computing capacity in the cloud and users can bid on unused EC2 capacity with Spot Instances. Amazon EC2 supports both Linux and Windows operating systems and can be used for web hosting, application servers, and big data processing.

What is the order of EC2 lifecycle instances?

Launch, connect, reboot, stop/start, terminate

What is the function of Auto Scaling in Amazon EC2?

Auto Scaling automatically adjusts the number of running instances based on demand

Which cases are valid for Amazon EC2?

EC2 can be used to host web applications and services and perform data analysis and big data processing

What is the primary benefit of using Reserved Instances in Amazon EC2?

Using Reserved Instances means significant discounts for long-term commitments to using EC2 capacity

What is the main characteristic of Spot Instances in Amazon EC2?

Users can bid on unused EC2 capacity at potentially lower prices

Which statement correctly describes the lifecycle of an EC2 instance?

Instances can be launched, connected, stopped, started, rebooted, and terminated

What does “S3 Versioning” mean in Amazon S3?

Keeps multiple variants of an object in the same bucket

What does “S3 Lifecycle” mean in Amazon S3?

Simplifies data access management at scale for shared datasets

What does “S3 Intelligent-Tiering” mean in Amazon S3?

S3 Intelligent-Tiering optimizes storage costs by automatically moving data based on access patterns

What does “S3 Access Points” mean in Amazon S3?

S3 Access Points configure automatic transitions of objects between storage classes

What does “S3 Object Lock” mean in Amazon S3?

S3 Object Lock prevents deletion or overwriting of objects for compliance purposes

What feature of Amazon S3 allows you to keep multiple versions of an object in the same bucket?

S3 Versioning

Which Amazon S3 storage class is optimized for frequently accessed data?

S3 Standard

What is the primary benefit of using S3 Intelligent-Tiering?

It optimizes storage costs by automatically moving data between access tiers

Which feature of Amazon S3 is specifically designed to protect data from being deleted or modified for compliance?

S3 Object Lock

What is the order of Amazon S3 storage classes from the highest cost per GB to the lowest cost per GB?

S3 Standard, S3 Standard-IA, S3 Glacier Flexible Retrieval, S3 Glacier Deep Archive

What is the main purpose of S3 Glacier in Amazon S3?

To provide low-cost archival storage for data that is rarely accessed

Which feature of Amazon S3 allows you to automate the process of transitioning objects to different storage classes based on predefined rules?

S3 Lifecycle Management

What is the primary benefit of using S3 Object Lambda?

S3 Object Lambda modifes data as it is retrieved from S3 during GET requests