AWS Cloud Practitioner Certification Exam (2023) || Questions & Answers (Graded A+)
Cloud benefits over on-premises - ANSWER -
1. Trade capital expense for variable expense
2. Massive economies of scale
3. Stop guessing capacity
4. Increase speed and agility
5. Stop spending money on running and maintaining data centers
6. Go global in minutes

Basic benefits of the cloud - ANSWER -
1. Scalability - ability to resize your resources as necessary.
2. Agility - increasing speed (via global reach), ease of experimentation (via access to new resources)
3. Innovation - experiment quickly
4. Efficiencies of Scale - deploy systems in multiple regions around the world, providing lower latency and a better experience for your customers at a minimal cost.
5. Reliability - ability to recover from infrastructure service failures

AWS Shared Responsibility Model - ANSWER -
1. User Data
2. Applications
3. Guest Operating System
------------------------------
4. Hypervisor (virtual machine monitor)
5. Network
6. Physical

AWS Cloud - ANSWER - Access to servers, database, storage, higher-level application components in seconds. Treat them as temporary and disposable resources, free from the constraints of fixed and finite IT infrastructure. Reduce risks, auto scale, ensure reliable coverage even in the face of a natural disaster, and secure data.

Security Compliance - Responsibility of Customer - ANSWER - Customers are responsible for configuring in a secure and controlled way
1. Must review info/resources available to meet compliance requirements
2. Designs/Implements controls owned by outside parties
3. Verifies all control objectives are met

Security Compliance - Responsibility of AWS - ANSWER - AWS's approach to compliance: works with 3rd party auditors/agents to provide customers compliant security.
1. Risk management = reevaluate 2x/year (at least) to identify risks and address them
2. Control environment = internal and external assessments
3. Information security = establish framework and policies, formal progress to protect confidential data

Security Best Practices - ANSWER -
a. Test often, patch quickly, and respond to incidents at lightning speed
b. Data Security: resilient infrastructure, highly secure, strong safeguards
c. Continual Improvement: constantly evolving on IAM, logging, DDoS protection
d. Advanced Security Services: address real-time emerging risk, ops management
e. Network Security: built-in firewalls, encryption in transit, private/dedicated connection, DDoS mitigation
f. Inventory and Configuration Tools: deployment, template management, definitive tools
g. Data Encryption: encryption capabilities, key management options, hardware-based key
h. Access Control: IAM, multi-factor authentication, integration and federation w/corporate discretion, Amazon Cognito, SSO
i. Monitoring & Logging: visibility into API calls, log aggregation, alert notification

IAM - ANSWER - Identity and Access Management

Groups - ANSWER - collection of users, users can be in multiple groups

Users - ANSWER - permanent named operator. Credentialed or temporary. Human or machine. Automated method.

Role - ANSWER - authentication method, operator, human or machine. Credentialed or temporary. Role ≠ permissions.

Policy Documents - ANSWER - Permissions. JSON. Attached to either a role, group, or user. Looked at from a single view.
i. Deny Statements: Override any Allow statements
ii. Implicit allow if there is not a deny statement
iii. Every API action (successful or denied) is recorded in CloudTrail
If there are no policy documents attached to IAM, nothing happens but it gets tracked in CloudTrail

Amazon Inspector - ANSWER - Automated security assessment service. Eliminates security risks - runs security benchmarks against specific EC2 instances.
i. Looks for deviations from best practices or vulnerabilities
ii. Findings are dependent on choices of rule packages
iii. Vulnerabilities found before and after deployment
iv. API driven - can be integrated in DevOps process
v. Visibility in security testing during app development
vi. Can define standards and best practices for organizational enforcement

Written for
- Institution: AWS Certified Cloud Practitioner
- Module: AWS Certified Cloud Practitioner

Document information
- Uploaded on: November 23, 2023
- Number of pages: 20
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers