AWS Certified Solutions Architect –
Associate 2022 Latest Questions And
Answers
Account and Services Layer - Answer- Represents how users create, access, and
manage an AWS account and its services.
root user - Answer- The login created when an AWS account is first created and that
has full administrative rights and access to every part of the account.
IAM user - Answer- A login created in IAM with varying degrees of access to the
AWS account controlled with IAM Policies.
application programming interface (API) - Answer- A set of subroutine definitions,
communication protocols, and tools for interacting with a service.
What are the account connection tools? - Answer- AWS Management Console, AWS
CLI, AWS SDK
AWS Management Console - Answer- A web-based graphical user interface, which
uses API calls, for accessing and administering AWS resources.
AWS Command Line Interface (CLI) - Answer- A text-based interface for accessing
and administering AWS resources through API calls.
AWS Software Development Kit (SDK) - Answer- Integrates AWS Services with
custom applications through API calls written in a variety of languages.
Physical and Networking Layer - Answer- Represents the global infrastructure of
AWS in terms of where resources are physically located and how data flows through
the network.
Region - Answer- An autonomous collection of Availability Zones that are in
geographical proximity and share high-speed connections between each other.
What influences the choice of region? - Answer- Proximity to users or administrators
for low latency, data sovereignty regulations, service availability, and price.
Availability Zone - Answer- The foundation of AWS's approach to high availability
and fault tolerance consisting of groups of data centers that are linked together but
physically isolated so that an outage impacting one data center does not impact
another.
data center - Answer- The physical building housing the servers and other hardware
running AWS.
Edge Location - Answer- One of over 100 data centers located around the world
designed to provide low latency access to content hosted on AWS.
Which services are available at an Edge Location? - Answer- Route 53, CloudFront,
AWS Shield, AWS WAF, Lambda@Edge, S3 Transfer, API Gateway.
Regional Edge Cache - Answer- Where CloudFront stores content that has been
ejected from an Edge Location so that it does not have to go back to the origin for it.
high availability - Answer- Architecture that continues to remain available to end
users in the event of a component or systems failure.
fault tolerance - Answer- Architecture that not only remains available during an
outage but suffers no degradation in performance.
scalability - Answer- The ability of a system to easily increase in size and capacity in
a cost-effective way.
vertical scaling - Answer- Increasing the capacity of a single instance or server.
horizontal scaling - Answer- Increasing the number of instances or servers.
elasticity - Answer- The ease of a system's ability to change or adapt not only scaling
up but scaling down.
cost efficient - Answer- Making the trade-offs required to make a system as
inexpensive as possible while meeting all functional requirements.
secure - Answer- Following the proper guidelines and practices to protect a system
at every layer.
Shared Responsibility Model - Answer- AWS is responsible for security of the cloud
(global infrastructure and foundation services) and customers are responsible for
security in the cloud (virtual environment, data, and applications).
Identity and Access Management (IAM) - Answer- Manages AWS users, groups, and
roles and their access to AWS accounts and services.
What are common uses of IAM? - Answer- Managing users, groups, roles, IAM
Access Policies, API keys, password policies, and MFA requirements.
What access does a new IAM user have? - Answer- None. There is an implicit deny
rule set on all new IAM users.
What scope does IAM have? - Answer- Global. IAM permissions apply to all zones.
What are best practices for IAM? - Answer- Delete the root access keys. Activate
MFA on the root user. Create and use an IAM user with Admin privileges instead of
the root user. Create individual IAM users. Use groups to assign permissions. Follow
the Principle of Least Privilege. Apply an IAM password policy.
IAM policy - Answer- A JSON document that formally states one or more
permissions.
administrator access - Answer- Full access to all AWS resources.
power user access - Answer- Full access to all AWS resources except for user and
group management.
read-only access - Answer- Can only view AWS resources.
Amazon Resource Name (ARN) - Answer- The unique identifier for AWS resources.
What tools are available for creating custom policies? - Answer- Visual editor and
JSON editor.
AWS policy - Answer- A standalone policy that is created and administered by AWS.
customer managed policy - Answer- A standalone policy that is created and
administered by a user.
inline policy - Answer- A policy that is an inherent part of a user, group, or role.
IAM group - Answer- Allows for assigning IAM permission policies to more than one
user at a time.
IAM role - Answer- Something that another entity can assume and in doing so
acquire temporary permissions.
What kind of entities can assume an IAM role? - Answer- AWS services, AWS
accounts, IAM users, IAM groups, IAM roles, and federated users.
Why must roles be used? - Answer- Policies cannot be attached to AWS services.
trust policy - Answer- Defines the entities that have permission to assume an IAM
role.
How long until an IAM role's permissions expire? - Answer- Between 15 minutes and
12 hours.
cross-account access - Answer- Granting an AWS account permissions within
another AWS account through IAM roles.
API access key - Answer- Used to sign programmatic requests to AWS from AWS
CLI, Tools for Windows PowerShell, AWS SDKs, and direct HTTP calls using the
APIs for individual AWS services.
What parts does an API access key have? - Answer- Access key ID and secret
access key.
When is the secret access key available? - Answer- Only when the access key is
first created.
IAM Security Token Service (STS) - Answer- An API endpoint that grants a
temporary set of access keys when called.
What does an STS API call return? - Answer- A credential object containing a
session token, an access key ID, a secret access key, and an expiration timestamp.
What are the STS API calls? - Answer- AssumeRole, AssumeRoleWithWebIdentity,
AssumeRoleWithSAML, GetFederationToken, GetSessionToken
AssumeRole - Answer- Cross-account delegation and federation through a custom
identity broker.
AssumeRoleWithWebIdentity - Answer- Federation through a web-based identity
provider, such as Facebook or Google.
AssumeRoleWithSAML - Answer- Federation through an enterprise identity provider
compatible with SAML 2.0.
GetFederationToken - Answer- Federation through a custom identity broker.
GetSessionToken - Answer- Temporary credentials for users in untrusted
environments.
What is the difference between AssumeRole and GetToken? - Answer- AssumeRole
grants a permissions policy associated with a particular role for up to 12 hours.
GetToken grants credentials for a specific IAM user for up to 36 hours used for
access permissions outside of AWS.
Identity Federation - Answer- Authenticate users using an Identity Broker
Application, whether a customer identity provider, LDAP/Active Directory, or web
identity, running outside of AWS.
AWS Organizations - Answer- Allows for a root/master AWS account that
consolidates billing and uses service control policies that restrict the permissions of
other AWS accounts.
What are the benefits of STS? - Answer- Not embedding long-term security
credentials in an application, the ability to grant access to AWS resources without
having to create an IAM identity for them, and not having to rotate or revoke
temporary credentials.
Elastic Compute Cloud (EC2) - Answer- A web service that provides secure, resizable
compute capacity in the cloud.