INTRODUCTION
Week 1 of AWS Cloud Technical Essentials introduces the core terms of cloud computing and its value proposition. In this week, you will see the differences between workloads in the cloud and those on premises, learn how to create an AWS account, and get an overview of Amazon Web Services (AWS), including how AWS Regions and Availability Zones are structured and how they affect your infrastructure. The different options for interacting with AWS services are also covered. Finally, you will explore the best practices for using AWS Identity and Access Management (IAM) to protect those resources.
Learning Objectives:
- Define cloud computing and its value proposition.
- Make a distinction between workloads running on premises and those in the cloud.
- Describe Amazon Web Services.
- Distinguish between AWS regions and availability zones.
- Indicate the different methods of accessing AWS.
- Set up an AWS account.
- Learn IAM best practices.
WEEK 1 QUIZ
1. What are the four main factors that a solutions architect should consider when they must choose a Region?
- Latency, price, service availability, and compliance (CORRECT)
- Latency, security, high availability, and resiliency
- Latency, high availability, taxes, and compliance
- Latency, taxes, speed, and compliance
Correct: There are four main considerations an architect should factor in when choosing an AWS Region for hosting applications and workloads: latency, cost, service availability, and compliance. Weigh each consideration for a given Region against the application's specific needs. Find more detailed information in the first week video on the AWS Global Infrastructure.
2. True or False: Every action a user takes in AWS is an API call.
- True (CORRECT)
- False
Correct: In AWS, every action a user takes is an API call, which has to be authenticated and authorized. These API calls can be made through the AWS Management Console, the AWS Command Line Interface (AWS CLI), or the AWS SDKs. For more information, refer to the Interacting with AWS video.
3. Which statement BEST describes the relationship between Regions, Availability Zones and data centers?
- Data centers are clusters of Availability Zones. Regions are clusters of Availability Zones.
- Regions are clusters of Availability Zones. Availability Zones are clusters of data centers. (CORRECT)
- Data centers are clusters of Regions. Regions are clusters of Availability Zones.
- Availability Zones are clusters of Regions. Regions are clusters of data centers.
Correct: The AWS Cloud infrastructure is organized into Regions and Availability Zones. A Region in AWS is a geographic area that has multiple Availability Zones. Each Availability Zone has one or more data centers, all of which are powered, networked, and connected redundantly, and, most importantly, are housed in different physical facilities to guarantee resilience. Refer to the AWS Global Infrastructure video in week 1 for more details.
4. What is a benefit of cloud computing?
- Increase time-to-market.
- Overprovision for scale.
- Go global in minutes. (CORRECT)
- Run and maintain your own data centers.
Correct: Going global in minutes means users can deploy applications to multiple AWS Regions around the world in just a matter of clicks, expanding those applications to a global scale. For further information, view the What is AWS reading.
5. A company wants to manage AWS services by using the command line and automating them with scripts. What should the company use to accomplish this goal?
- AWS Management Console
- AWS Command Line Interface (AWS CLI) (CORRECT)
- AWS SDKs
- AWS Management Console and AWS SDKs
Correct: The AWS CLI is a unified tool that is used to manage AWS services. By downloading and configuring the AWS CLI, the company can control multiple AWS services from the command line and automate them with scripts. For more information about the correct answer, see the Interacting with AWS reading.
6. What is a best practice when securing the AWS account root user?
- Activate AWS Identity and Access Management (IAM) access to the Billing and Cost Management console
- Use the root user for routine administrative tasks
- Change account settings
- Enable multi-factor authentication (CORRECT)
Correct: Using the AWS root user access key to sign in to your AWS account is a bad idea. The root user access key allows unrestricted access to all resources in all AWS services (including billing information), and its permissions cannot be restricted. For this reason, delete any access keys associated with your root user and enable multi-factor authentication (MFA) for the root user account. To learn more, refer to the Protect the AWS Root User reading.
7. A solutions architect is consulting for a company. When users in the company authenticate to a corporate network, they want to be able to use AWS without needing to sign in again. Which AWS identity should the solutions architect recommend for this use case?
- IAM Group
- IAM Role (CORRECT)
- AWS account root user
- AWS Identity and Access Management (IAM) user
Correct: An IAM role has no credentials, such as passwords or access keys, attached to it. This means the role is not tied to any one particular user and can be assumed by anyone who needs it. An IAM user can assume a role temporarily to take on different permissions used solely for a particular action. A role can also be assigned to a federated user who has signed in through an external identity provider (IdP) rather than through IAM. More information can be found in the Role Based Access in AWS video.
8. Which of the following can be found in an AWS Identity and Access Management (IAM) policy?
- Effect
- Action
- Object
- A and B (CORRECT)
- B and C
Correct: There are multiple components that make up an IAM policy. They include Version, Statement, Sid, Effect, Principal, Action, Resource, and Condition. More about this can be found in the “Introduction to Amazon Identity and Access Management” document.
9. True or False: AWS Identity and Access Management (IAM) policies can restrict the actions of the AWS account root user.
- True
- False (CORRECT)
Correct: The root user of the account has complete access to all services and resources in AWS, including billing and personal data. It is therefore advisable to store the root user credentials securely and not to use this user for daily tasks. For more information, see “Protect the AWS Root User”.
10. According to the AWS shared responsibility model, which of the following is the responsibility of AWS?
- Controlling the operating system and application platform, as well as encrypting, protecting, and managing customer data.
- Managing customer data, encrypting that data, and protecting the data through network firewalls and backups.
- Managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components. (CORRECT)
- Managing customer data, encrypting that data, and protecting the data through client-side encryption.
Correct: AWS is accountable for the safeguarding and security of the AWS Regions, Availability Zones, and data centers, as well as the physical security of their buildings. Furthermore, AWS is responsible for the entire stack that makes AWS services run, from the ground up: hardware, software, and networking components.
11. Which of the following is recommended if a company has a single AWS account, and multiple people who work with AWS services in that account?
- All people must use the root user to work with AWS services on a daily basis.
- The company should create an AWS Identity and Access Management (IAM) group, grant the group permissions to perform specific job functions, and assign users to a group, or use IAM roles. (CORRECT)
- The company must create AWS Identity and Access Management (IAM) users, and grant users the permissions to perform specific job functions.
- The company must create an AWS Identity and Access Management (IAM) user and grant the user the permissions to access all AWS resources.
Correct: The company can create an IAM user group, grant the group specific permissions based on a job function, and then add users to that group. This setup makes it easy for the company to control which resources an employee can access. Alternatively, the company can use IAM roles. Granular policies can then be applied to those roles. Refer to the “Introduction to AWS Identity and Access Management” documentation for more information.
12. True or False: According to the AWS shared responsibility model, a customer is responsible for security in the cloud.
- True (CORRECT)
- False
Correct: The shared responsibility model divides responsibility between the two parties. Security in the cloud is the responsibility of the customer, while AWS is responsible for security of the cloud. Check out the “Security and the AWS Shared Responsibility” reading for more information.
13. Which of the following provides temporary credentials (that expire after a defined period of time) to AWS services?
- Principle of least privilege
- IAM role (CORRECT)
- Identity provider (IdP)
- AWS IAM Identity Center (successor to AWS Single Sign-On)
Correct: When an individual user assumes an AWS Identity and Access Management (IAM) role, the temporary credentials are available for use over a period of time within the range of 15 minutes to 36 hours. For further information, see the “Role Based Access in AWS” document.
14. A user is hosting a solution on Amazon Elastic Compute Cloud (Amazon EC2). Which networking component is needed to create a private network for their AWS resources?
- Virtual private cloud (VPC) (CORRECT)
- Instance
- Tags
- Amazon Machine Image (AMI)
Correct: A VPC is a private network used only by your AWS resources. Refer to the document “Hosting the Employee Directory Application on AWS” for more details.