Cloud Computing and AWS CloudTrail Quiz
48 Questions

Questions and Answers

What is the default retention period for events in CloudTrail's Event History?

  • 60 days
  • 120 days
  • 90 days (correct)
  • 30 days

Which type of events does CloudTrail log by default?

  • Management Events (correct)
  • Service Events
  • API Events
  • Data Events

Which of the following services logs events globally and directs them to us-east-1?

  • Lambda
  • EC2
  • S3
  • IAM (correct)

What must be enabled for a trail to log Data Events such as S3 object uploads?

  • Data Events (C)

How is a trail configured to log events for all regions?

  • All region trail (A)

What is the approximate delay in event logging for CloudTrail?

  • 15 minutes (D)

What format does CloudTrail use to store events in an S3 bucket?

  • Compressed JSON files (B)

Which statement accurately describes how CloudTrail operates with regard to AWS services?

  • Regional services log events in the region created. (A)

What is a characteristic of on-demand self-service in cloud computing?

  • Allows immediate access through a user interface or command line interface (D)

Which cloud model combines the features of both public and private clouds?

  • Hybrid Cloud (B)

Which cloud service model allows clients to manage everything from data to facilities?

  • On-Premises (C)

What distinguishes a public cloud from a private cloud?

  • Public cloud services can be accessed by anyone over the internet (C)

In the Infrastructure as a Service (IaaS) model, what aspects does the vendor manage?

  • Facilities, servers, and operating system up to the OS level (C)

What is the key benefit of resource pooling in cloud computing?

  • Economies of scale leading to cost reductions (A)

What defines a multi-cloud strategy in cloud computing?

  • Using multiple public cloud services simultaneously (B)

What is one of the primary features of rapid elasticity in cloud services?

  • Automatic scaling of resources based on current load (A)

What is the role of CloudFormation in the AWS infrastructure?

  • To synchronize logical resources with physical resources in your AWS account. (B)

Which option correctly describes a namespace in CloudWatch?

  • A unique container for monitoring data that can be named freely, excluding AWS service names. (C)

In CloudWatch, what is the significance of dimensions?

  • They separate data points for different perspectives within the same metric. (D)

What triggers an alarm in CloudWatch?

  • The transition of metric states, such as OK or ALARM. (A)

Which statement reflects the Shared Responsibility Model correctly?

  • AWS is responsible for the security of the cloud infrastructure itself, while customers manage the security of their applications. (C)

What type of data does CloudWatch collect as metrics?

  • Dynamic, time-ordered sets of data points, such as CPU usage. (A)

What is a characteristic of an alarm state in CloudWatch?

  • It can perform automated actions or send notifications based on performance thresholds. (B)

What happens to an object that is not accessed for 30 days?

  • It shifts to Standard-IA. (D)

How many stacks can a single template create in CloudFormation?

  • An unlimited number of stacks. (B)

Which action is NOT part of S3 Object Lifecycle Management?

  • Replicating objects to a different region. (A)

When implementing S3 replication between different accounts, what must be done?

  • A bucket policy must be added on the destination account. (D)

What is the default behavior regarding object ownership in S3 replication?

  • Ownership of objects stays with the source bucket account. (B)

What is the maximum time an object can remain in Standard-IA before transitioning to Glacier?

  • 180 days. (D)

Which statement about Intelligent-Tiering is correct?

  • It is beneficial for objects with unknown access patterns. (C)

In the context of S3 replication, what is the role of the IAM policy?

  • It allows the S3 service to read source bucket objects. (D)

What is the earliest an object can be purged after uploading?

  • 90 days. (C)

What is the primary purpose of a Trust Policy in an IAM Role?

  • To specify which identities can assume the role. (A)

Which of the following best describes Temporary Security Credentials?

  • They are time-limited and need to be renewed through role reassumption. (B)

In a Break Glass Situation, what is required to justify accessing restricted resources?

  • An established reason for the elevated access. (A)

How does Web Identity Federation primarily facilitate access for applications with numerous users?

  • By allowing broader access through IAM roles. (A)

What happens when the Permissions Policy of an IAM Role is updated?

  • The permissions of previously granted temporary security credentials are also affected. (A)

What is the main advantage of using an IAM Role over attaching a policy directly to an identity?

  • Roles allow for better security and flexibility in assigning permissions. (A)

What does the Security Token Service (STS) facilitate in the context of IAM Roles?

  • It generates temporary security credentials when a role is assumed. (D)

Which of the following statements about IAM Users and IAM Roles is accurate?

  • IAM Roles are primarily intended for short-term use by other identities. (A)

What is a benefit of splitting subnets into different tiers within a VPC?

  • It facilitates easier management of resources by function. (B)

Which of the following statements regarding the Custom VPC is accurate?

  • Hybrid networking allows a Custom VPC to connect to external networks. (C)

What is the maximum size of an IPv4 CIDR block that can be allocated for a VPC?

  • /16 prefix (D)

What is the main function of the DNS provided by Route 53 in a VPC?

  • To provide DNS hostnames for instances with public IPs. (C)

Which statement correctly describes the purpose of dedicated tenancy in a Custom VPC?

  • It locks resources to dedicated hardware at a premium cost. (D)

How does splitting a /16 subnet into 16 parts affect the individual subnet sizes?

  • Each subnet becomes a /20. (C)

Which IPv6 CIDR block size can typically be assigned to a VPC?

  • /56 (A)

What is a consequence of not allowing explicit configuration for traffic in and out of a VPC?

  • Traffic is isolated, preventing external access unless configured. (C)

    Study Notes

    AWS Certified Solutions Architect - Associate Master Cheat Sheet Study Notes

    • Cloud Computing Fundamentals:

      • On-Demand Self-Service: Provision and terminate services via a UI/CLI without human interaction.
      • Broad Network Access: Access services over any network using standard protocols.
      • Resource Pooling: Economies of scale through shared resources.
      • Rapid Elasticity: Auto-scale resources to meet demand.
      • Measured Service: Pay for what you use.
    • AWS Fundamentals:

      • AWS Support Plans: Basic (free), Developer, Business, and Enterprise.
      • Public vs. Private Services:
        • Public Cloud: uses a public cloud provider like AWS, Azure, or Google Cloud.
        • Private Cloud: on-premises cloud infrastructure.
        • Multi-cloud: uses more than one public cloud in a single deployment.
        • Hybrid cloud: uses both private and public clouds in one environment.
    • AWS Global Infrastructure:

      • Regions: Specific geographic areas for AWS infrastructure (e.g., Ohio, California, Singapore).
      • Edge Locations: Local distribution points for faster data access for customers.
      • Management: Regions are connected, and some services are global (e.g., IAM).
    • Regions and AZs:

      • AWS regions are geographical areas.
      • Availability zones (AZs) are isolated within a region, offering fault tolerance.
    • Cloud Service Models:

      • On-Premises: The user manages all components.
      • Hosting: Vendor manages the facilities; the user provides the equipment.
      • IaaS (Infrastructure as a Service): Vendor provides servers up to the operating system; the user manages the application on top.
      • PaaS (Platform as a Service): Vendor manages facilities, application, and OS; the user manages the configurations of the application.
      • SaaS (Software as a Service): Vendor manages everything, including software and data.
    • AWS Support Plans:

      • Basic (free): One user; basic support.
      • Developer: One user, basic support, general guidance provided.
      • Business: Multiple users, support, personal guidance.
      • Enterprise: Technical account manager.
    • CloudWatch Basics:

      • Metrics, logs, and event hub.
      • Used to collect and manage operational data.
    • High Availability (HA), Fault-Tolerance (FT), and Disaster Recovery (DR):

      • Aims for high uptime, rapid recovery from failures, and disaster preparedness.
      • Fault tolerance ensures continued proper operation despite some components failing.
      • Disaster Recovery addresses recovery from potentially catastrophic events.
    • Domain Name System (DNS):

      • DNS translates human-readable domain names to IP addresses.
      • Includes parts such as DNS clients, resolvers, zones, zone files, and nameservers.
    • RDS (Relational Database Service):

      • Systems for storing and managing data.
      • Structure is defined via schemas comprised of tables.
      • Uses SQL (Structured Query Language).
    • Security Groups:

      • Boundaries that filter network traffic.
      • Attached to a resource.
      • Stateful rules.
      • Implicit deny.
      • Must be configured.
    • Network Address Translation (NAT):

      • Changes source and destination of data packets to allow external access.
      • Requires an external public IP.
    • EC2 (Elastic Compute Cloud):

      • Provides virtual machines (VMs) for compute.
      • Infrastructure as a Service (IaaS).
      • Different instance types.
      • Bootstrapping via user data.
    • IAM (Identity and Access Management):

      • Identity Policies: Statements allow or deny access to AWS resources.
      • Statement Components:
        • Statement ID (SID): Descriptive name for the statement.
        • Effect: Allow or Deny.
        • Actions: Specific operations.
        • Resources: Target resources.
      • Priority Level: Explicit Deny, Explicit Allow, and Default Deny (Implicit).
      • Policies: Inline Policies (individual) or Managed Policies (shared).
      • Users: For humans and applications accessing AWS services.
      • Groups: Logical groupings to manage permissions for multiple users.
      • Roles: An assumed role grants permissions to other identities.
    • S3 (Simple Storage Service):

      • Object storage.
      • Private by default.
      • Uses Object Keys for identification within the bucket.
      • Uses Bucket Policies to control access.
      • Versioning is used to keep multiple versions of any object.
    • Static Hosting:

      • Enables hosting of static websites stored in S3.
    • Encryption at Rest:

      • Data in storage is encrypted.
    • Encryption in Transit: Secure transmission of data over the Internet.

    • Object Versioning and MFA Delete:

      • Retain historical versions of objects. Adds extra security.
    • Cross-Account Access:

      • Allows access to resources in other AWS accounts through roles.
    • VPC (Virtual Private Cloud):

      • Isolated network.
      • Has route tables and subnets.
      • Enables the use of private or public IP addresses.
    • Security Groups (and Network Access Control Lists (NACLs)):

      • Manage traffic in/out.
    • Internet Gateway:

      • To connect to the internet.
    • Gateway Endpoints:

      • Simplified access to public services within a VPC.
    • Interface Endpoints:

      • Private access to public services.
    • VPC Peering:

      • Networking connection between VPCs.
    • Hybrid and Migration:

      • Site-to-Site VPN: Connects on-premises network to VPC.
      • AWS Direct Connect: Direct connection to AWS network.
      • Storage Gateway: Hybrid storage capabilities.
      • Snowball/Snowmobile: Physical devices to transfer large amounts of data.

    • AWS Directory Service:

      • Manages on-premises directories in AWS.
    • Advanced-VPC:

      • Detailed information about VPCs, including advanced features and concepts.
    • CloudWatch Logs:

      • Logs data, configured per region.
    • CloudWatch Events/EventBridge:

      • Orchestrates actions on other services in response to events.
    • Route 53: DNS service.

      • Hosted Zones: Data structures for controlling DNS records.

    Description

    Test your knowledge on AWS CloudTrail and cloud computing fundamentals. This quiz covers key concepts such as event logging, cloud service models, and the characteristics of public and private clouds. Perfect for those studying cloud technologies.