AWS Identity and Access Management (IAM)
30 Questions
33 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What AWS service is suitable for frequently accessed data?

  • S3 Glacier Deep Archive
  • S3 Standard-IA
  • S3 Glacier
  • S3 Intelligent Tiering (correct)

Which storage class is recommended for data archival for 3 to 5 years?

  • S3 Glacier Deep Archive (correct)
  • S3 Intelligent Tiering
  • S3 Glacier
  • S3 One Zone-IA

What is the primary function of AWS Backup?

  • Data analysis and reporting
  • Data storage optimization
  • Automating and governing data backup (correct)
  • Managing AWS billing

Which storage class offers the highest durability?

<p>S3 Glacier Deep Archive (A)</p> Signup and view all the answers

When is S3 Glacier typically used?

<p>For archiving purposes (A)</p> Signup and view all the answers

What feature does AWS Backup provide to automate backups across AWS resources?

<p>Backup console (B)</p> Signup and view all the answers

How can one troubleshoot a large transfer compared to a small transfer?

<p>It is more complex to troubleshoot a large transfer (C)</p> Signup and view all the answers

What feature helps in transferring data at a faster rate with Snowball?

<p>Parallelization (A)</p> Signup and view all the answers

What functionality distinguishes Snowball Edge from regular Snowball devices?

<p>Local processing and edge-computing workloads capabilities (D)</p> Signup and view all the answers

Which category of AWS Snow family provides block storage, object storage, and 40 vCPUs?

<p>Snowball Edge Compute Optimized (D)</p> Signup and view all the answers

What is one of the main use cases of AWS Snowball according to the text?

<p>Regularly transferring large amounts of data with clients or partners (B)</p> Signup and view all the answers

How are charges applied for AWS Snow services according to the text?

<p>Service Fee per Job - region-specific (C)</p> Signup and view all the answers

What is the primary purpose of an IAM User in AWS?

<p>To represent the person or service interacting with AWS (A)</p> Signup and view all the answers

Which AWS entity is considered the first principal in an AWS account?

<p>Root User (D)</p> Signup and view all the answers

What is the difference between an IAM User and the Root User in AWS?

<p>IAM User has no credentials attached, while the Root User does (D)</p> Signup and view all the answers

What is the function of an IAM Group in AWS?

<p>To create collections of IAM users with specific permissions (A)</p> Signup and view all the answers

Which AWS entity can be assigned to a federated user from an external Identity Provider?

<p>IAM Role (B)</p> Signup and view all the answers

How do IAM users access different permissions for specific tasks in AWS?

<p>By temporarily assuming an IAM Role (B)</p> Signup and view all the answers

What does AWS Key Management Service (AWS KMS) allow users to create and control?

<p>Encryption keys (D)</p> Signup and view all the answers

How are customer master keys (CMKs) in AWS KMS described?

<p>Consist of key ID, creation date, and key material (A)</p> Signup and view all the answers

What type of key is an asymmetric CMK in AWS KMS?

<p>Public-private key pair (D)</p> Signup and view all the answers

In AWS KMS, what are symmetric CMKs primarily used for?

<p>Data encryption/decryption (C)</p> Signup and view all the answers

What does AWS KMS integrate with to provide data at rest security?

<p>Amazon EBS and Amazon S3 (B)</p> Signup and view all the answers

For which kind of key pair is an asymmetric CMK in AWS KMS similar to?

<p>RSA key pair (A)</p> Signup and view all the answers

What type of CloudTrail event is represented in the example provided?

<p>Management events (A)</p> Signup and view all the answers

Which API operation falls under the category of Data events in CloudTrail?

<p>DeleteObject (A)</p> Signup and view all the answers

What is the purpose of CloudWatch in the AWS environment?

<p>To monitor and manage AWS service and resource activity (D)</p> Signup and view all the answers

Which region's activity does the CloudTrail log in the example pertain to?

<p>ap-south-2 (D)</p> Signup and view all the answers

Which type of event signifies unusual activity in CloudTrail?

<p>CloudTrail Insights events (B)</p> Signup and view all the answers

What is the source of the event in the CloudTrail log example?

<p>AWS Management Console (D)</p> Signup and view all the answers

Study Notes

S3 Storage Classes

  • S3 Standard: accessed data frequently, 99.99% durability, no minimum storage days
  • S3 Standard-IA (Infrequent Access): accessed data infrequently, 99.90% durability, 30 days minimum storage
  • S3 Intelligent-Tiering: unknown access patterns, 100% durability, 30 days minimum storage
  • S3 One Zone-IA (Kept in a Single Zone): non-critical data, 100% durability, 30 days minimum storage
  • S3 Glacier (For Archiving Purpose): long-term data archival, 100% durability, 90 days minimum storage
  • S3 Glacier Deep Archive (For Archiving Purpose): long-term data archival, 100% durability, 180 days minimum storage
  • RRS (Reduced Redundancy Storage): non-critical data, 99% durability

AWS Backup

  • Automates and governs data backup in the AWS cloud and on-premises
  • Features: backup console, backup APIs, AWS CLI
  • Scheduled backup plans (policies) for automating backup of AWS resources across AWS accounts and regions
  • Integrated with AWS CloudTrail and Amazon SNS

AWS Snowball

  • Secure service for transferring large amounts of data to AWS
  • Features: parallelization for faster data transfer, integrated with AWS CloudTrail and Amazon SNS
  • Types: Snowball Edge (compute-optimized, storage-optimized), Snowball Edge Compute Optimized, Snowball Edge Storage Optimized
  • Use cases: transferring large amounts of data with clients or partners, collecting and analyzing data for safety, efficiency, and productivity

IAM

  • Principle: an entity that makes a call for action or operation on an AWS resource
  • Users, groups, and roles are AWS principals
  • Root User: the first principal in an AWS account, with complete access to all AWS services and resources
  • IAM User: a user created in AWS, with access permissions depending on assigned policies
  • IAM Group: a collection of IAM users, with specific permissions assigned to the group
  • IAM Role: a user with policies attached, deciding what an identity can or cannot do

AWS Key Management Service (KMS)

  • Secure service for creating and controlling encryption keys
  • Integrated with other AWS services such as Amazon EBS and Amazon S3
  • Customer master keys (CMKs): symmetric and asymmetric keys, regional, and cannot be sent outside the region
  • CMKs: metadata, key ID, creation date, description, key state, and key material

AWS CloudTrail

  • Monitors and logs AWS API calls
  • Three types of events: management events (control plane operations), data events, CloudTrail Insights events (unusual activity events)
  • Example of CloudTrail log file: IAM log file showing the actions performed by IAM users

AWS CloudWatch

  • Monitors and manages the activity of AWS services and resources, reporting on their health and performance
  • Differs from CloudTrail, which resembles logs of all actions performed inside the AWS environment

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Learn about managing access to AWS services and resources securely, attaching policies to users, groups, and roles, and understanding principals in IAM. Explore the differences between IAM user and root user in AWS.

More Like This

AWS Identity and Access Management (IAM)
20 questions
AWS IAM: Identity and Access Management
216 questions
AWS IAM Overview Quiz
21 questions

AWS IAM Overview Quiz

IllustriousMothman3831 avatar
IllustriousMothman3831
Use Quizgecko on...
Browser
Browser