An organization has 500 employees. The organization wants to set up AWS access for each department. Which of the below mentioned options is a possible solution?

Create IAM groups based on the permission and assign IAM users to the groups

Create IAM roles based on the permission and assign users to each role

Create IAM users and provide individual permission to each

It is not possible to manage more than 100 IAM users with AWS

You are getting started with AWS and your manager wants things to remain simple yet secure. He wants management of engineers to be easy, and not re-invent the wheel every time someone joins your company. What will you do?

I'll create multiple IAM users and groups and assign policies to groups. New users will be added to groups

I'll create one IAM user and everyone will share the credentials

I'll create multiple IAM users, and assign each user their own policy

You have an Allow policy that grants permissions only when access is made from a specific Public IP address: 78.124.30.112 You have a Deny policy for all actions when access is not made from 85.154.120.55 What is the net effect if both these policies are attached to an IAM User and user is making a request from an EC2 instance with public IP address 85.154.120.55? There is no other policy attached to the IAM user.

Policy runs into default deny as there are no other matching Allows

User can access all services specified in Allow policy conditions

Policy runs into default allow as there is no other matching deny

You want to pass queue messages that are 1GB each. How should you achieve this?

Use the Amazon SQS Extended Client Library for Java and Amazon S3 as a storage mechanism for message bodies.

Use Kinesis as a buffer stream for message bodies. Store the checkpoint id for the placement in the Kinesis Stream in SQS.

Use SQS’s support for message partitioning and multi-part uploads on Amazon S3.

Use AWS EFS as a shared pool storage medium. Store file system pointers to the files on disk in the SQS message bodies.

Company ABCD has recently launched an online commerce site for bicycles on AWS. They have a “Product” DynamoDB table that stores details for each bicycle, such as, manufacturer, color, price, quantity and size to display in the online store. Due to customer demand, they want to include an image for each bicycle along with the existing details. Which approach below provides the least impact to provisioned throughput on the “Product” table?

Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item for each image

Serialize the image and store it in multiple DynamoDB tables

Create an “Images” DynamoDB table to store the Image with a foreign key constraint to the “Product” table

Add an image data type to the “Product” table to store the images in binary format

A new employee has just started work, and it is your job to give her administrator access to the AWS console. You have given her a user name, an access key ID, a secret access key, and you have generated a password for her. She is now able to log in to the AWS console, but she is unable to interact with any AWS services. What should you do next?

Grant her Administrator access by adding her to the Administrators' group.

Require multi-factor authentication for her user account.

Ensure she is logging in to the AWS console from your corporate network and not the normal internet.

Tell her to log out and try logging back in again.

You have developed a new web application in the US-West-2 Region that requires six Amazon Elastic Compute Cloud (EC2) instances to be running at all times. US-West-2 comprises three Availability Zones (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance: should any single Availability Zone in us-west-2 become unavailable, the application must continue to run. How would you make sure 6 servers are ALWAYS available? NOTE: each answer has 2 possible deployment configurations. Select the answer that gives TWO satisfactory solutions to this scenario.

us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Solution 2: us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.

us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Solution 2: us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances.

us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances. Solution 2: us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.

us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. Solution 2: us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.

A web application currently has four EC2 instances receiving traffic from Elastic Load Balancer. Sticky session is enabled on the load balancer. Each EC2 instance is capable of processing 1000 requests/second. Depending on the request rate, your autoscaling policy maintains enough instances. Total requests suddenly spike to 6,000 requests per second (around 1500 per server). Autoscaling group responds to the situation by adding 2 additional servers. What will happen to the client requests?

Requests from existing clients may still be routed to only four servers

New servers would receive 500 requests each and existing servers would receive 1000 requests each

Sticky session is not enforced when new instances are launched

You want to put restrictions in a S3 bucket so that only your EC2 instances can access the bucket. EC2 instances access S3 bucket using a VPC endpoint. What condition can you use in the S3 Bucket Policy to restrict access?

Public IP Address of EC2 instances

Private IP Address of EC2 instance

Your application demand is stable, and you are not expecting any changes in demand soon. There are six EC2 instances currently handling all the requests. Given this scenario would you still use auto scaling?

Auto scaling can monitor health of your instances and replace them if they are not healthy

Auto scaling is used for scenarios where the demand changes are unpredictable

Auto scaling is used for scenarios where the demand changes are time based

Auto scaling is used for scenarios to manage large fleet of instances

Your company is using S3 for storing hundreds of thousands of images. These images are critical for company operations. Images are accessed frequently during the first 30 days and they need to be immediately accessible for the first 90 days. Images older than 90 days are rarely accessed and customers can wait several hours before they are made available. What is lowest cost solution that you would recommend for this requirement?

Store image in S3 Standard for first 30 days, then transition to S3 Standard-Infrequent Access, and for images older than 90 days, transition to Glacier

Store image in S3 Standard for first 90 days and then transition to Glacier

Use S3 Standard-Infrequent Access

Store image in S3 standard for first 30 days, then transition to S3 One Zone-Infrequent Access, and for images older than 90 days, transition to Glacier

For your EC2 instance, you have an inbound rule in a security group that allows traffic to ports 80 and 443 from 10.2.50.60/32. You have another security group that is attached to the same instance and this group contains an inbound rule that allows port 80 and 443 access from anywhere. What is the net effect of these two security groups?

Port 80 and 443 requests is allowed from anywhere

Port 80 and 443 request Access is allowed only from the 10.2.50.60

Port 80 and 443 request access is allowed only from the subnet containing 10.2.50.60

Behavior is undefined and you cannot set a policy like this Bottom of Form

Your EC2 instance security group allows all inbound traffic on port 2500. Security group does not have any outbound rules specified. Your web application running on that instance is listening on port 2500. What is the behavior you will observe?

Application can receive the request and respond back

Application can receive the request but cannot respond

You would need to update route table to allow traffic on port 2500 for your application

You have a fleet of hundreds of EC2 instances. If there are problems with AWS managed items like Physical host, network connectivity to host, and system power, how would you be able to track it?

Either System or Instance status checks can be used

Two EC2 instances are located in different availability zones in your VPC. These instances communicate with each other using private IPv4 address. How does AWS calculate data transfer charges for this scenario?

Intra region data transfer pricing applies

Inter region data transfer pricing applies

Private IP address cannot be used for communication across Availability Zones

You are a solutions architect working for a large engineering company that are moving from a legacy infrastructure to AWS. You have configured the company's first AWS account and you have set up IAM. Your company is based in Andorra, but there will be a small subsidiary operating out of South Korea, so that office will need its own AWS environment. Which of the following statements is true?

You will need to configure Users and Policy Documents only once, as these are applied globally.

You will then need to configure Users and Policy Documents for each region, respectively.

You will need to configure your users regionally, however your policy documents are global.

You will need to configure your policy documents regionally, however your users are global.

AWS Quiz - IAM_S3_EC2

Authored by Akshay Balagoni

Other

Professional Development

Used 5+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

An organization has hosted an application on the EC2 instances. There will be multiple users connecting to the instance for setup and configuration of application. The organization is planning to implement certain security best practices. Which of the below mentioned pointers will not help the organization achieve better security arrangement?

Apply the latest patch of OS and always keep it updated.

Allow only IAM users to connect with the EC2 instances with their own secret access key.

Disable the password-based login for all the users. All the users should use their own keys to connect with the instance securely.

Create a procedure to revoke the access rights of the individual user when they are not required to connect to EC2 instance anymore for the purpose of application configuration.

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

An organization is planning to create a user with IAM. They are trying to understand the limitations of IAM so that they can plan accordingly. Which of the below mentioned statements is not true with respect to the limitations of IAM?

One IAM user can be a part of a maximum of 5 groups

Organization can create 100 groups per AWS account

One AWS account can have a maximum of 5000 IAM users

One AWS account can have 250 roles

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

A company needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this?

Create a new IAM role and associated policies within the new region

Assign the existing IAM role to the Amazon EC2 instances in the new region

Copy the IAM role and associated policies to the new region and attach it to the instances

Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature

MULTIPLE SELECT QUESTION

15 mins • 1 pt

Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which two IAM best practices should you consider implementing? Choose 2 answers

Create individual IAM users for everyone in your organization

Configure MFA on the root account and for privileged IAM users

Assign IAM users and groups configured with policies granting least privilege access

Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate

MULTIPLE CHOICE QUESTION

15 mins • 1 pt

An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

Use the IAM groups and add users as per their role to different groups and apply policy to group

The user can create a policy and apply it to multiple users in a single go with the AWS CLI

Add each user to the IAM role as per their organization role to achieve effective policy setup

Use the IAM role and implement access at the role level

MULTIPLE SELECT QUESTION

15 mins • 1 pt

When assessing an organization AWS use of AWS API access credentials which of the following three credentials should be evaluated? Choose 3 answers

Key pairs

Console passwords

Access keys

Signing certificates

Security Group memberships (required for EC2 instance access)

MULTIPLE SELECT QUESTION

15 mins • 1 pt

Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users? Choose 2 answers

Configure multi-factor authentication for privileged IAM users

Create IAM users for privileged accounts

Implement identity federation between your organization’s Identity provider leveraging the IAM Security Token Service

Enable the IAM single-use password policy option for privileged users

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Vigilance Awareness Week 2022- Quiz

Quiz

•

Professional Development

25 questions

PPDHS : MODUL 4 PERSEKITARAN PEMBELAJARAN PROFESIONAL

Quiz

•

Professional Development

25 questions

Safety

Quiz

•

Professional Development

25 questions

Identifying kitchen tools and equipment

Quiz

•

KG - Professional Dev...

25 questions

0303 INVENTORY MANAGEMENT OPERATIONS IMAC

Quiz

•

Professional Development

25 questions

Kuiz Around The World

Quiz

•

Professional Development

25 questions

Lili’s Bible Quiz

Quiz

•

Professional Development

31 questions

SJFC Euro 2020 Quiz

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L3_22-23

Lesson

•

KG - Professional Dev...

20 questions

Employability Skills

Quiz

•

Professional Development