AWS Developer

Question 1

What are the 3 types of IAM Roles?

Answer 1

1. AWS Resources (Delegation)
2. Cross Accounts (permissions to IAM users across AWS accounts)
3. Federated Identity

Question 2

What is an IAM Role Federation?

Answer 2

The use of and external IdP (Identity Provider) for authentication of the user.

Question 3

What is an IdP?

Answer 3

Identity Provider - Can be used for authentication in applications.

Question 4

What is a Policy?

Answer 4

A JSON document that states the permissions that can be applied to IAM users, groups, roles, or resources.

Question 5

What are Inline Policies?

Answer 5

A policy created for a specific user, group, or role.

Question 6

What are Managed Policies?

Answer 6

Policies that are either built-in AWS policies or customer created. Any update to an existing managed policy will create a new policy.

Question 7

What is STS?

Answer 7

Security Token Service - An AWS web service that provides dynamic temporary security credentials from an IAM user or for a federated user like in Web Identity Federation (granted from IdPs).

Question 8

What is a Private Cloud?

Answer 8

Infrastructure and application services provided from secured remote facilities for IT services on-demand that is controlled by a single organization. This requires manual upgrades by the staff and data center infrastructure.

Question 9

What is a Public Cloud?

Answer 9

Infrastructure and application services provided from secured remote facilities for IT services on-demand that is accessible to the public for subscription. Services are provided in a “pay as you go” model and resources tend to be unlimited. This is what AWS is.

Question 10

What is an ARN

Answer 10

Amazon Resource Name - A formatted string to identify resources in AWS.

Question 11

What is MFA?

Answer 11

Multi-Factor Authentication - A User setting to require a 6 digit authentication code that is provided through security hardware, software, or SMS.

Question 12

What is PaaS?

Answer 12

Platform as a Service - A development environment is provided by a third party.

Question 13

What is IaaS?

Answer 13

Infrastructure as a Service - Hardware or computing services provided by a third party.

Question 14

What is Elasticity?

Answer 14

The ability to add or remove resources based on demand.

Question 15

What is Scalability?

Answer 15

The ability add resources to an existing instance (scale up) or in parallel to an existing instance (scale out).

Question 16

What is IAM?

Answer 16

Identity and Access Management.

Question 17

What is NACL?

Answer 17

Network Access Control List are inbound and outbound network traffic rules applied at the subnet level.

Question 18

What is a Security Group?

Answer 18

Inbound and outbound network traffic rules applied to EC2 instances in a VPC.

Question 19

What is VGW?

Answer 19

Virtual Private Gateway

Question 20

What is CGW?

Answer 20

Customer Gateway

Question 21

What is CIDR?

Answer 21

A set of IP standards used to create a unique identity for a network.

Question 22

What is Egress Traffic?

Answer 22

Outbound network traffic.

Question 23

What is IGW?

Answer 23

Internet Gateway - a virtual router in a VPC for EC2 instances to communicate to the internet.

Question 24

What is MAC?

Answer 24

Media Access Control address.

Question 25

What is a Route Table?

Answer 25

A set of rules for a VPC that determines how network traffic is routed within it.

Question 26

What is an Egress-Only IGW?

Answer 26

A virtual router which only works with IPv6 for EC2 instances to have access to the internet, but the EC2 instances are not available from the internet.

Question 27

What is NAT?

Answer 27

Network Access Translation - a virtual router or gateway in a VPC that enables an instance in a private subnet to interact with the internet.

Question 28

What is an AZ?

Answer 28

Availability Zone - The location of the AWS servers within a regions. Each region has 2 or more Availability Zones.

Question 29

What is DHCP?

Answer 29

Dynamic Host Configuration Protocol - dynamically assigns IP addresses to instances in a VPC

Question 30

What is DNS?

Answer 30

Domain Name Server - used to translate domain names to an IP address and provide configuration information to instances within a network

Question 31

What is VPC Peering?

Answer 31

Used to connect two different VPCs within the same region for routing traffic between them using IPv4 or IPv6 address, so that the VPCs can communicate with each other.

Question 32

What is VPC Endpoint?

Answer 32

A service that sets up a private connection between different AWS services without going through communication gateways (IGW, NAT, VPN Connection,...)

Question 33

What is Instance Store for an EC2?

Answer 33

Temporary storage, which uses ephemeral block storage, where the data gets wiped out if the EC2 is stopped or terminated.

Question 34

What is EBS?

Answer 34

Elastic Block Storage - Used to persistent storage for EC2 instances.

Question 35

What is an AMI?

Answer 35

An image or template to create EC2 instances from.

Question 36

What is Lifecycle Management?

Answer 36

A tool in S3 that provides the ability to transition an object from one storage class to another

Question 37

What is RDS?

Answer 37

Relational Database Services - A database service, which automatically handles the hardware and database patches for particular databases.

Question 38

What is ADFS?

Answer 38

Active Directory Federation Service - uses Active Directory to get temporary credentials (STS).

Question 39

What is the ADFS API call?

Answer 39

AssumeRoleWithSAML

Question 40

What is the Web Identity Federation call?

Answer 40

AssumeRoleWithWebIdentity

Question 41

What is a Global Secondary Index (GSI) in DynamoDB?

Answer 41

An Index that can contain a partition key and a sort key that are not in the primary key and can span across all table partitions.

Question 42

What is a Local Secondary Index (LSI) in DynamoDB?

Answer 42

An Index that contains the partition key of the base table, but can have a different sort key.

Question 43

What is an SNS topic?

Answer 43

An access point between the publishing server and the subscribers to push messages to.

Question 44

What is CloudFormation?

Answer 44

The service provides the ability to script through code the creation of a cloud infrastructure.

Question 45

What is a CloudFormation Template (CFT)

Answer 45

The scripted program in JSON or YAML that is used to setup a new cloud infrastructure.

Question 46

What is Elastic Beanstalk?

Answer 46

A service for web applications that handles the creation of the appropriate infrastructure.

Question 47

What is Lambda?

Answer 47

A serverless compute service for running code or functions.

Question 48

What is the required section in a Template of Cloud Formation?

Answer 48

Resources

Question 49

How many days can an RDS instance be stopped.

Answer 49

7

Question 50

What is the maximum size of an item in a Dynamo DB table?

Answer 50

400 KB

Question 51

What is CORS?

Answer 51

Cross Origin Resource Sharing - Allows access from a client web application to resources hosted on a another domain, mainly to access S3 files. By default this access is prevented by web browsers, but this can be addressed through an XML document on the S3 bucket.

Question 52

What is an IAM Role?

Answer 52

An IAM entity that enforces one or more Policies.

Question 53

What is an ELB?

Answer 53

Elastic Load Balancer - An AWS Service to automatically distribute incoming network or application traffic to be processed accross multiple EC2 instances.

Question 54

What is a Sticky Session or Session Affinity in an ELB?

Answer 54

A setting to consistently route traffic from a particular user to the same target instance.

Question 55

What is the largest object size supported by S3?

Answer 55

5 TB

Question 56

What is the billing unit for running a Lambda function?

Answer 56

100 milliseconds

Question 57

What is AWS Storage Gateway?

Answer 57

A service to connect on-premise environments with cloud storage through software.

Question 58

What is CloudFront?

Answer 58

A content delivery network across the globe that caches data in different locations for speeding up transfer of data.

Question 59

What is EFS?

Answer 59

Elastic File System - A file storage service which can be used with multiple EC2 instances through NFS mounts, but it is not accessible through Windows based EC2 instances.

Question 60

How many S3 buckets can an AWS account have?

Answer 60

100, but Amazon can be contacted to increase the limit.

Question 61

What is the S3 Data Consistency policy.

Answer 61

For puts of new objects Read After Write Consistency. For overwrite puts and deletes, Eventual Consistency.

Question 62

What is Route 53?

Answer 62

An AWS DNS for routing user to AWS services or non-AWS infrastructure.

Question 63

What is SWF?

Answer 63

Simple Workflow Service - A workflow management service for building applications that can handle work through multiple resources.

Question 64

What Amazon Services are offered at no cost.

Answer 64

Auto Scaling, Amazon VPC

Question 65

How many DynamoDB tables are initially allowed for an account?

Answer 65

256

Question 66

What is the default Visibility Timeout set to in SQS?

Answer 66

30 seconds

Question 67

How large are the data chunks are SQS messages billed at?

Answer 67

64 KB

Question 68

How long can a SWF workflow task live?

Answer 68

1 year

Question 69

How long can a SQS message remain in the queue?

Answer 69

14 days

Question 70

How long can a message be made invisible to workers in SQS?

Answer 70

12 hours

Question 71

Name 4 supported languages by the AWS SDK.

Answer 71

``` Java .Net Node.js PHP Python Ruby Go C++ ```

Question 72

What is Server-Side Encryption?

Answer 72

Use the Amazon server to encrypt an object or data before saving it and then decrypting it when downloading.

Question 73

What is Client-Side Encryption?

Answer 73

Encrypting data or object client-side and uploading the encrypted data or object to AWS (S3). This requires manual management of the encryption process and encryption keys.

Question 74

What is the default timeout for a Lambda function?

Answer 74

3 seconds

Question 75

What is long polling in SQS?

Answer 75

Long polling is a setting through ReceiveMessageWaitTimeSeconds where a response returned when a message arrives in the SQS queue or it has timed out. This is done to save money over immediate return or short polling.

Question 76

How many SQS messages are available per month in the free tier?

Answer 76

1 million

Question 77

What is the general primary key strategy for Dynamo DB tables?

Answer 77

Many to few principle.

Question 78

How many secondary indexes are allowed on a Dynamo DB table?

Answer 78

10 - 5 local secondary and 5 global secondary

Question 79

What is the EC2 API call to retrieve a list of AMIs.

Answer 79

DescribeImages

Question 80

Can SWF Tasks be assigned more than once?

Answer 80

No

Question 81

What is the maximum number of Topics allowed per account for SNS?

Answer 81

100,000

Question 82

What is the maximum size limit for a EC2 Instance Store?

Answer 82

10 GB

Question 83

What is the AWS Direct Connect service?

Answer 83

Provides a dedicated private connection from a remote network to your PC.

Question 84

What is the maximum number of SWF activity types?

Answer 84

10,000

Question 85

What is SES?

Answer 85

Simple Email Service

Question 86

What is the max limit of parameters for a Cloud Formation Template?

Answer 86

60

Question 87

What is the maximum number of open SWF activity tasks?

Answer 87

1000

Question 88

What is the maximum number of subnets for a VPC?

Answer 88

200

Question 89

What is the maximum number parameters allowed in a CloudFormation Template?

Answer 89

60

Question 90

What is a Placement Group?

Answer 90

Determines how instances are deployed on the underlying hardware (hypervisor) as Cluster or Spread.

Question 91

What is Spot Pricing for instances?

Answer 91

Instances are deployed when the pricing for the instance type reaches an agreed pricing.