What are the valid methodologies for encrypting data on S3?
- x SSE-S3, SSE-C, SSE-KMS, Client Library such as S3 Encryption Client
- SSE-S3, SSE-A, SSE-KMS, Client Library such as S3 Encryption Client
- SSE-S3, SSE-C, SSE-SSL, Client Library such as S3 Encryption Client
- SSE-S3, SSE-C, SSE-SSL, Server Library such as S3 Encryption Client
In Identity and Access Management, when you first create a new user, certain security credentials are automatically generated. Which of the below are valid security credentials?
- Access Key ID, Authorized Key
- Private Key, Secret Access Key
- Private Key, Authorized Key
- x Access Key ID, Secret Access Key
Amazon Web Services offer 3 different levels of support, which of the below are valid support levels.
- Corporate, Business, Developer
- x Enterprise, Business, Developer
- Enterprise, Business, Free-Tier
- Enterprise, Company, Free-Tier
You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console?
- Generate an access key and Secret Access Key and give to them
- Enable MFA on their accounts and define a password policy
- x Generate a password for each user and give to them
- Give the admins the secret access key and access key id, and tell them to use these when logging in.
Amazon S3 buckets in all Regions provide which of the following?
- Read-After-Write consistency for PUTS of New Objects and Strongly Consistent for POST and DELETES
- Read-After-Write consistency for POST of New Objects and Eventually Consistent for overwrite PUTS and DELETES
- x Read-After-Write consistency for PUTS of New Objects and Eventually Consistent for overwrite PUTS and DELETES
- Read-After-Write consistency for POST of New Objects and Strongly Consistent for POST and DELETES
What function of an AWS VPC is stateless?
- Security Groups
- ELBs
- x Network ACLs
- EC2
Which of the following services allows you root access (ie you can login using SSH)?
- ELB
- x EMR
- ElastiCache
- RDS
When trying to grant an amazon account access to S3 using access control lists what method of identification should you use to identify that account with?
- x The email address of the account or canonical user id
- The AWS account number
- The ARN
- An email address with a 2FA Token
You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur?
- Open the port on the ACL, will work after reboot
- Open the port on the ACL, will work after immediately
- x Open the port on the Security Group, will work after immediately
- Open the port on the ACL, will work after TTL
Which of the following is not supported by AWS Import/Export?
- Import to S3
- Export from S3
- Import to EBS
- Import to Glacier
- x Export to Glacier
Which of the following is not a service of the security category of the AWS trusted advisor service?
- Security Groups – specify ports unrestricted
- MFA on root account
- IAM use
- x Vulnerability scans on existing VPCs
You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyse this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend?
- Magnetic
- General Purpose SSD
- x Provisioned IOPs
- Turbo IOPs
What are the different types of virtualization available on EC2?
- Psudeo-Virtual (PS) and Hardware Virtual Module (HSM)
- x Para-Virtual (PS) and Hardware Virtual Machine (HSM)
- Psudeo-Virtual (PS) and Hardware Virtual Machine (HSM)
- Para-Virtual (PS) and Hardware Virtual Module (HSM)
Which of the following is not a valid configuration type for AWS Storage gateway.
- x Gateway-accessed volumes
- Gateway-cached volumes
- Gateway-stored volumes
- Gateway-Virtual Tape Library
You have started a new role as a solutions architect for an architectural firm that designs large sky scrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2Mbps connecting their head office to the internet. What method should they use to import this data on to S3 in the fastest manner possible.
- Upload directly to S3
- Purchase AWS Direct Connect and xfer after install
- AWS DataPipe line
- AWS Import/Export
You are designing a site for a new start up which generates cartoon images for people automatically. Customers will log on to the site, upload an image which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images?
- Rather than S3, store the images as blobs on RDS with Multi-AZ configured for redundancy
- x S3 RRS and create a lifecycle policy to delete the image after 24 hours.
- Glacier
- EBS
You are hosting a website in Ireland called aloud.guru and you decide to have a static DR site available on S3 in the event that your primary site would go down. Your bucket name is also called “acloudguru”. What would be the S3 URL of the static website?
- x https://acloudguru.s3-website-eu-west-1.amazonaws.com
- https://s3-eu-east-1.amazonaws.com/acloudguru
- https://acloudguru.s3-website-us-east-1.amazonaws.com
- https://s3-eu-central-1.amazonaws.com/acloudguru
Which of the following is NOT a valid SNS subscribers?
- Lambda
- x SWF
- SQS
- HTTPS
- SMS
You are appointed as your company’s Chief Security Officer and you want to be able to tack all changes made to your AWS environment, by all users and at all times, in all regions. What AWS service should you use to achieve this?
- CloudAudit
- CloudWatch
- x CloudTrail
- CloudDetective
What you should review
- You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console?
- Amazon S3 buckets in all Regions provide which of the following?
- Which of the following services allows you root access (ie you can login using SSH)?
- When trying to grant an amazon account access to S3 using access control lists what method of identification should you use to identify that account with?
- Which of the following is not supported by AWS Import/Export?
- Which of the following is not a service of the security category of the AWS trusted advisor service?
- Which of the following is NOT a valid SNS subscribers?