AWS certification ACTUAL QUESTIONS
AND CORRECT ANSWERS
A new employee has just started work, and it is your job to give her
administrator access to the AWS console. You have given her a user name, an
access key ID, a secret access key, and you have generated a password for her.
She is now able to log in to the AWS console, but she is unable to interact with
any AWS services. What should you do next? - CORRECT ANSWERS
Grant her Administrator access by adding her to the Administrators'
group.
What is the default level of access a newly created IAM User is granted? -
CORRECT ANSWERS No access to any AWS services.
You are a solutions architect working for a large engineering company who are
moving from a legacy infrastructure to AWS. You have configured the
company's first AWS account and you have set up IAM. Your company is based
in Andorra, but there will be a small subsidiary operating out of South Korea, so
that office will need its own AWS environment. Which of the following
statements is true? - CORRECT ANSWERS You will need to configure
Users and Policy Documents only once, as these are applied globally.
Which statement best describes IAM? - CORRECT ANSWERS IAM
allows you to manage users, groups, roles, and their corresponding level of
access to the AWS Platform.
You have created a new AWS account for your company, and you have also
configured multi-factor authentication on the root account. You are about to
create your new users. What strategy should you consider in order to ensure that
there is good security on this account. - CORRECT ANSWERS Enact a
strong password policy: user passwords must be changed every 45 days, with
each password containing a combination of capital letters, lower case letters,
numbers, and special symbols.
,Which of the following is not a component of IAM? - CORRECT ANSWERS
Organizational Units
What is an additional way to secure the AWS accounts of both the root account
and new users alike? - CORRECT ANSWERS Implement Multi-Factor
Authentication for all accounts.
In what language are policy documents written? - CORRECT ANSWERS
JSON
You have a client who is considering a move to AWS. In establishing a new
account, what is the first thing the company should do? - CORRECT
ANSWERS Set up an account using their company email address.
What level of access does the "root" account have? - CORRECT ANSWERS
Administrator Access
When you create a new user, that user ________. - CORRECT ANSWERS
Will be able to interact with AWS using their access key ID and secret
access key using the API, CLI, or the AWS SDKs.
Which of the following is not a feature of IAM? - CORRECT ANSWERS
IAM allows you to setup biometric authentication, so that no passwords
are required.
You are a security administrator working for a hotel chain. You have a new
member of staff who has started as a systems administrator, and she will need
full access to the AWS console. You have created the user account and
generated the access key id and the secret access key. You have moved this user
into the group where the other administrators are, and you have provided the
new user with their secret access key and their access key id. However, when
she tries to log in to the AWS console, she cannot. Why might that be? -
, CORRECT ANSWERS You cannot log in to the AWS console using the
Access Key ID / Secret Access Key pair. Instead, you must generate a password
for the user, and supply the user with this password and your organization's
unique AWS console login URL.
Power User Access allows ________. - CORRECT ANSWERS Access
to all AWS services except the management of groups and users within IAM.
You are a developer at a fast growing start up. Until now, you have used the root
account to log in to the AWS console. However, as you have taken on more
staff, you will now need to stop sharing the root account to prevent accidental
damage to your AWS infrastructure. What should you do so that everyone can
access the AWS resources they need to do their jobs? (Select 2) - CORRECT
ANSWERS Create individual user accounts with minimum necessary
rights and tell the staff to log in to the console using the credentials provided.
Create a customized sign in link such as
"yourcompany.signin.aws.amazon.com/console" for your new users to use to
sign in with.
What is an AWS region? - CORRECT ANSWERS A region is a
geographical area divided into Availability Zones. Each region contains at least
two Availability Zones.
What is a VPC? - CORRECT ANSWERS Virtual Private Cloud
You need to supply auditors with logs showing which Users provisioned given
resources on your AWS infrastructure. Which service would best satisfy this
need? - CORRECT ANSWERS CloudTrail
Which AWS service offers durable storage for flat files? - CORRECT
ANSWERS S3
AND CORRECT ANSWERS
A new employee has just started work, and it is your job to give her
administrator access to the AWS console. You have given her a user name, an
access key ID, a secret access key, and you have generated a password for her.
She is now able to log in to the AWS console, but she is unable to interact with
any AWS services. What should you do next? - CORRECT ANSWERS
Grant her Administrator access by adding her to the Administrators'
group.
What is the default level of access a newly created IAM User is granted? -
CORRECT ANSWERS No access to any AWS services.
You are a solutions architect working for a large engineering company who are
moving from a legacy infrastructure to AWS. You have configured the
company's first AWS account and you have set up IAM. Your company is based
in Andorra, but there will be a small subsidiary operating out of South Korea, so
that office will need its own AWS environment. Which of the following
statements is true? - CORRECT ANSWERS You will need to configure
Users and Policy Documents only once, as these are applied globally.
Which statement best describes IAM? - CORRECT ANSWERS IAM
allows you to manage users, groups, roles, and their corresponding level of
access to the AWS Platform.
You have created a new AWS account for your company, and you have also
configured multi-factor authentication on the root account. You are about to
create your new users. What strategy should you consider in order to ensure that
there is good security on this account. - CORRECT ANSWERS Enact a
strong password policy: user passwords must be changed every 45 days, with
each password containing a combination of capital letters, lower case letters,
numbers, and special symbols.
,Which of the following is not a component of IAM? - CORRECT ANSWERS
Organizational Units
What is an additional way to secure the AWS accounts of both the root account
and new users alike? - CORRECT ANSWERS Implement Multi-Factor
Authentication for all accounts.
In what language are policy documents written? - CORRECT ANSWERS
JSON
You have a client who is considering a move to AWS. In establishing a new
account, what is the first thing the company should do? - CORRECT
ANSWERS Set up an account using their company email address.
What level of access does the "root" account have? - CORRECT ANSWERS
Administrator Access
When you create a new user, that user ________. - CORRECT ANSWERS
Will be able to interact with AWS using their access key ID and secret
access key using the API, CLI, or the AWS SDKs.
Which of the following is not a feature of IAM? - CORRECT ANSWERS
IAM allows you to setup biometric authentication, so that no passwords
are required.
You are a security administrator working for a hotel chain. You have a new
member of staff who has started as a systems administrator, and she will need
full access to the AWS console. You have created the user account and
generated the access key id and the secret access key. You have moved this user
into the group where the other administrators are, and you have provided the
new user with their secret access key and their access key id. However, when
she tries to log in to the AWS console, she cannot. Why might that be? -
, CORRECT ANSWERS You cannot log in to the AWS console using the
Access Key ID / Secret Access Key pair. Instead, you must generate a password
for the user, and supply the user with this password and your organization's
unique AWS console login URL.
Power User Access allows ________. - CORRECT ANSWERS Access
to all AWS services except the management of groups and users within IAM.
You are a developer at a fast growing start up. Until now, you have used the root
account to log in to the AWS console. However, as you have taken on more
staff, you will now need to stop sharing the root account to prevent accidental
damage to your AWS infrastructure. What should you do so that everyone can
access the AWS resources they need to do their jobs? (Select 2) - CORRECT
ANSWERS Create individual user accounts with minimum necessary
rights and tell the staff to log in to the console using the credentials provided.
Create a customized sign in link such as
"yourcompany.signin.aws.amazon.com/console" for your new users to use to
sign in with.
What is an AWS region? - CORRECT ANSWERS A region is a
geographical area divided into Availability Zones. Each region contains at least
two Availability Zones.
What is a VPC? - CORRECT ANSWERS Virtual Private Cloud
You need to supply auditors with logs showing which Users provisioned given
resources on your AWS infrastructure. Which service would best satisfy this
need? - CORRECT ANSWERS CloudTrail
Which AWS service offers durable storage for flat files? - CORRECT
ANSWERS S3
