AIAM

Question 1

What is AWS Directory Service?

Answer 1

It has a list of services which allows you to connect AWS resources with on-premise Microsoft Active Directory.

Question 2

What is Active Directory?

Answer 2

On-premise Microsoft Directory Service which contains list of Users, Groups, Computers & Group Policy.

Question 3

What is LDAP?

Answer 3

Lightweight Directory Access protocol

Question 4

List of AWS Directory Service?

Answer 4

AWS Managed Microsoft AD
Simple AD
AD Connector

Question 5

What is AWS Managed Microsoft AD?

Answer 5

This provide AD Domain Controller running on Windows Servers for Each AZ.
These controllers are reachable by your application on VPC.

Question 6

Default no of Domain controller available for AWS Managed Microsoft AD?

Answer 6

2

Question 7

What is AD Trust?

Answer 7

Extend existing AD to on-premises using AD Trust.

Question 8

What is Simple AD?

Answer 8

Simple AD is a standalone directory in cloud to support Windows workloads that need basic AD features.

Question 9

Which is perfect candidate for Simple AD implementation?

Answer 9

Linux workloads that need LDAP

Question 10

Managed AD vs Simple AD?

Answer 10

Simple AD does not support AD Trust.

Managed AD support AD Trust.

Question 11

What is AD Connector?

Answer 11

AD Connector is a directory gateway/proxy for your on premises directory with AWS Services.
On premises users can log in AWS using AD Connector.

Question 12

What is Cloud Directory?

Answer 12

Directory based store for developers

Question 13

What is AWS Cognito User Pools?

Answer 13

Managed user directory for SAAS application.

Question 14

What are the list of AD Compatible services?

Answer 14

AWS Managed Microsoft AD
Simple AD
AD Connector

Question 15

Non AD Compatible?

Answer 15

Cloud Directory

Cognito user pools

Question 16

What is ARN?

Answer 16

Amazon Resource Name is used to identify any resource in AWS

Question 17

ARN format?

Answer 17

“Begins with: arn : partition : service : region : account_id
End with: resource or resource_type or resource_type/resource or resource_type/resource/qualifier”

Question 18

What is inline policy?

Answer 18

Inline policy scope is limited to specific role; you cant assign inline policy to other role.

Question 19

What is AWS Resource Access Manager?

Answer 19

AWS RAM allows you to create resources centrally & allows resource sharing to other accounts.

Question 20

What is SAML?

Answer 20

Security Assertion Markup Language

Question 21

AWS responsibility for AWS managed Microsoft AD?

Answer 21

Multi AZ Deployment
Patch Monitor & recovery
Software update
backup & restore

Question 22

Customer responsibility for AWS managed Microsoft AD?

Answer 22

User ,Group & GPO
Standard AD Tools
AD Trust
Scale out Domain Controller
AD Trust
Certificate
Federation

Question 23

Simple AD Sizes?

Answer 23

Small -500 & Large -5000

Question 24

Can you connect Simple AD with on-premise AD?

Answer 24

No

Question 25

List of policy types?

Answer 25

identity policy | resource policy

Question 26

identity policy?

Answer 26

Attached to IAM user, group & role; This policy let you specify what an identity can do.

Question 27

resource policy?

Answer 27

It is attached to an resource; you can specify who has access to resource & what actions they can perform.

Question 28

AWS Single Sign on?

Answer 28

SSO service helps centrally managed access to aws accounts & business applications.

Question 29

Does simple AD support AD Trust?

Answer 29

NO

Question 30

IAM policy structure?

Answer 30

Effect/Action/Resource

Question 31

Policy Evaluation Logic?

Answer 31

Denay policy take president than Allow policy

Question 32

AWS Managed policy?

Answer 32

Created by AWS

Question 33

Customer Managed policy?

Answer 33

Created by users

Question 34

Permission boundary?

Answer 34

It control maximum permission an IAM policy can grant.

Question 35

Types of resource you can share in RAM?

Answer 35

``` App Mesh Aurora Code Build EC2 EC2 Image Builder License manager Resource Group Route 53 ```