AWS Quest 1 Level 2

Question 1

what is a “Root User”?

Answer 1

a single sign-in identity that has complete access to all AWS services and resource in an account

Question 2

what are some Root User powers?

Answer 2

change your account settings
restore IAM user permissions
activate IAM access to the Billing and Cost Management console
view tax invoices
close your AWS account
change your AWS Support plan
cancel your AWS Support plan
see IAM for AWS Support
register as a seller
configure an Amazon S2 bucket Multi-Factor Authentication Delete
edit or delete an Amazon S3 bucket policy
sign up for GovCLoud

Question 3

should you use the Root User as the main account?

Answer 3

no

create an IAM user for yourself, give yourself admin rights, and don’t touch Root User for routine tasks

Question 4

can you create rotate, disable or delete access keys for your AWS account Root User?

Answer 4

yes

Question 5

how long is an Access Key?

Answer 5

20 digits, and it is alphanumeric

Question 6

how many Access Keys can you have for each IAM user?

Answer 6

2

Question 7

what does IAM stand for?

Answer 7

Identity and Access Management

Question 8

how many Access Keys can you assign to each Root User?

Answer 8

2

Question 9

how should you handle security for your IAM accounts?

Answer 9

assign permissions to groups and then assign users to groups

Question 10

what level of security should each user have?

Answer 10

the lowest level of security necessary to accomplish the task

Question 11

what kind of policies are designed to provide permissions for many common use cases?

Answer 11

AWS Managed Policies
they are created and administered by AWS
they have their own Amazon Resource Name (ARN) that includes the policy name

Question 12

who updates AWS Managed Policies?

Answer 12

only AWS

Question 13

who updates Custom Managed Policies?

Answer 13

you do, through your AWS account

Question 14

what is an Inline Policy?

Answer 14

it’s a policy that is stuck to, or embedded into, an IAM identity

Question 15

name the 5 AWS Managed Policy features

Answer 15

1. reusable: use it on any user, group, or role
2. central change management: a change on the policy will update the permission of everyone who has the policy
3. versioning and rolling back: changing a Custom Managed Policy changes the whole thing. It is not overwritten, the whole policy changes in one swipe
4. delegating permissions management: you can create admins to manage your policies, and limited admins to manage other policies
5. automatic updates for AWS Managed Policies: updates are automatically made and applied for you

Question 16

what is a feature of an Inline Policy?

Answer 16

you control the policies down to the person and the line. but if you had such a special permission, when you delete something, it goes away forever

Question 17

how can you grant permissions in AWS?

Answer 17

you can assign them individually or by groups

Question 18

how do groups receive permission?

Answer 18

by attaching a policy document

Question 19

what script are policies written in?

Answer 19

JSON JavaScript Object Notation

Question 20

what is a Role?

Answer 20

it is a job identifier

Question 21

what is an AWS Service Role?

Answer 21

it is a role that a service assumes to perform actions in your account on your behalf

Question 22

what is an AWS service role for an Elastic Cloud Computing (EC2) instance?

Answer 22

it is a role for an instance running on ECS, and the instance performs certain tasks in your account

Question 23

what is an AWS service-linked role?

Answer 23

a unique type of service role that is linked directly to an AWS service

Question 24

what does Role Chaining allow?

Answer 24

Role Chaining allows you to grant additional roles for up to one hour at a time

Question 25

how long is the permission granted for AssuemRole?

Answer 25

12 hours

Question 26

how do you grant permissions to users in a different account?

Answer 26

Delegate a role to a trusted account,

be careful, delegated users drop all their permissions while they are in the delegated role

Question 27

what is Federation?

Answer 27

it is the creation of a trust relationship between an external identity provider and AWS, like Facebook. You can link identity login to a trusted site

Question 28

how can you simplify your billing into a single payment method?

Answer 28

organize your accounts under one Root Account

Question 29

name 4 benefits of organizing accounts into Organizational Units

Answer 29

1. administer all accounts as a single unit
2. you can organize everything into a tree-like structure
3. an Organizational Unit can control other Organizational Units
4. you can set policies for parent OUs and the policy will enact on all of the child OUs

Question 30

what kind of account do you use to create the organization?

Answer 30

Management Account

Question 31

what kind of account is responsible for paying all charges that are accrued by the member accounts?

Answer 31

Management Account

Question 32

name 6 things you can do with a Management Account

Answer 32

1. create accounts in the organization
2. invite other existing accounts to the organization
3. remove accounts from the organization
4. manage invitations
5. apply policies to entities within the organization
6. enable integration with supported AWS services to provide functionality across all of the accounts in the organization

Question 33

the process of asking another account to join your organization is called what?

Answer 33

Invitation

Question 34

what kind of account can issue an invitation?

Answer 34

Management Account

Question 35

what kind of policy specifies the services and actions that users and roles can use within accounts?

Answer 35

Service Control Policies (SCP)

Question 36

do Permissions overstep Service Control Policies (SCPs)?

Answer 36

no

Question 37

how does an Allow List work?

Answer 37

an Allow List assumes that all actions are denied except actions specified on the Allow List

Question 38

how does a Deny List work?

Answer 38

a Deny List assumes that all actions are allowed except actions specified on the Deny List

Question 39

what policy do you opt-out from in order to not share customer content with AWS

Answer 39

Artificial Intelligence (AI) services opt-out

Question 40

what policy do you use to configure and deploy backup plans for your resources?

Answer 40

Backup Policy

Question 41

what type of policy helps you standardize tags across resources across all of the accounts in your organization?

Answer 41

Tag Policy

Question 42

name 4 benefits from using the Consolidated Billing Feature

Answer 42

1. one bill for multiple accounts
2. easy tracking: track the charges across multiple accounts and download the combined cost and usage data
3. combined usage: combine the usage of all accounts in order to receive volume pricing discounts
4. no extra fee: Consolidated Billing is free to use

Question 43

what has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time?

Answer 43

AWS Cost Explorer

Question 44

name 4 ways to manage your costs with AWS Budgets.

Answer 44

1. set an alert to notify you when you meet a fixed spending target, or if you are forecasted to meet a spending target. this can be set to help you stay within a free tier of AWS services
2. set a monthly budget with a variable spending target
3. set a monthly cost budget across your entire account
4. set a daily utilization or coverage budget to track your Reserved Instances or Savings Plans

Question 45

how many times a day is AWS Budgets updated?

Answer 45

up to 3 times a day

Question 46

name 6 types of AWS Budgets

Answer 46

1. Cost budgets
2. Usage budgets
3. RI utilization budgets
4. RU coverage budgets
5. Savings Plans utilization budgets
6. Savings Plans coverage budgets

Question 47

which budget plans how much you want to spend on a service?

Answer 47

Cost budget

Question 48

which budget plans how much you want to use on one or more services?

Answer 48

Usage budget

Question 49

which budget lets you define a usage threshold and receive alerts when the usage falls below that threshold?

Answer 49

RI utilization budgets or

Savings Plans utilization budgets

Question 50

which budget lets you receive alerts when the number of instance hours falls below a certain threshold?

Answer 50

RI coverage budgets or

Savings Plans coverage budgets

Question 51

can you disable data collection after you enable billing alerts?

Answer 51

no, but you can delete any billing alarms that you created

Question 52

what is the name of a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication?

Answer 52

Amazon Simple Notification Service (SNS)

Question 53

what are 4 benefits of using Amazon SNS?

Answer 53

1. send messages to millions of users
2. messages are sent and re-sent for multiple, geographically separated servers and data centers
3. SNS uses Amazon Cloud, so messages scale with you
4. messages will always be sent in the correct order

Question 54

how much does SNS cost?

Answer 54

1. $0.50 per 1 million SNS requests
2. $0.06 per 100,000 notification deliveries over HTTP
3. $2.00 per 100,000 notification deliveries over email

Question 55

what is the billing cycle for SNS?

Answer 55

the first day to the last day of the month

Question 56

do SNS prices include taxes?

Answer 56

no

Question 57

in what order are SNS messages delivered?

Answer 57

in the order they were published, unless there is a network issue

Question 58

can SNS messages be deleted?

Answer 58

no

Question 59

what can you use to explore AWS services and create an estimate for the cost of your use cases on AWS?

Answer 59

AWS Pricing Calculator

Question 60

what are 5 common oversights that customers make that can drive up their Cloud spending?

Answer 60

1. orphaned resources. These forgotten instances just keep running in the background and consume resources
2. misconfigured storage resources. Holding on to data that is useless, or putting data in the wrong type of storage (putting a low-use data into SSD instead of Glacier)
3. over-provisioned resources. Resourced do not need over-provisioning since AWS can scale with your growth
4. incorrect pricing plans. are you using a pricing plan that best aligns with your usage?
5. overlooking newer technologies. New technologies are made to improve efficiency and productivity. It is good practice to seek new, efficient tools to reduce Total Cost of Ownership (TCO)