- Why is using access key pair (Access Key ID and Secret Access Key) a bad practice?
- What are the mitigation strategies and alternatives?
- Access Keys Risks in AWS - Checkred
- Using temporary credentials with AWS resources - AWS Identity and Access Management
- Requesting temporary security credentials - AWS Identity and Access Management
- Draw a diagram which shows the following:
- Region with e.g. 3 Availability Zones
- 2VPCs with 2 subnets, 1 public and 1 private, in each VPC
- Internet Gateway, NAT and routing tables
- EC2 instances and security groups
- Example: VPC for web and database servers - Amazon Virtual Private Cloud
- Explain how to implement and execute (temporary) authentication from one AWS account into another via roles (cross-account API access)?
- AWS DNS
- What is Amazon DNS server?
- VPC - Virtual Private Cloud
- Can VPC span multiple AZs?
- Can VPC span multiple regions?
- VPC Settings contain DHCP settings section where we can select DHCP option set. What does DHCP option set define? (3)
- VPC Settings contain DNS settings section where we can enable DNS resolution and DNS hostnames. What is the meaning of these 2 options?
- VPC - Subnets
- What is the purpose of subnets?
- Can a subnet span multiple AZs?
- What does it mean when some AWS resource e.g. an RDS DB instance is associated with multiple subnets? [amazon web services - why is rds in 3 subnets in aws - Stack Overflow]
- VPC - Routing Tables
- What does route table contain? What are destinations and what are targets. Name a few possible destinations and targets.
- What is a main route table? Can it be modified? Can it be deleted?
- What are subnet route tables? Can one subnet route table be associated by multiple subnets? How many route tables can subnet be associated with?
- VPC - Security Groups
- What are Security Groups?
- Does every VPC (default and custom) come with a security group? Is that a default security group and what is its name?
- Which AWS resources can be associated to security group(s)?
- What is the minimum & maximum number of security groups that AWS Lambda can be associated with?
- Is it recommended to use the default security group?
- Do resources have any security group if they are not assigned one during their creation?
- Can rules of the default security group be changed (edited)?
- Can default security group be deleted?
- What are the default inbound and outbound rules of the default security group?
- Default security groups for your VPCs - Amazon Virtual Private Cloud
- If security group has no outbound rules, does it mean that it prevents any outbound traffic?
- How to block all outbound traffic?
- How to specify deny-all outbound rule?
- Why are Security groups stateful firewalls?
- VPC - Peering Connections
- What are VPC Peering Connections?
- Where can peering VPCs reside? (account, region)
- What are requester and accepter?
- How is peering requested in AWS console and how is it accepted?
- Is connection fully bi-directional? (Can resources in each VPC initiate a connection?)
- RDS
- Describe the difference between 3 types of deployment options (readability of standby instances):
- Single DB instance
- Multi-AZ DB instance
- Multi-AZ DB cluster
- What does DB subnet group define?
- What does it mean when public access to RDS instance is enabled? Who can access the instance and how is this controlled?
- What is the purpose of VPC security groups associated to RDS instance?
- Is it possible to copy snapshots from one to another region? [Cross-Region Snapshot Copy for Amazon RDS | AWS News Blog]
Further reading:
No comments:
Post a Comment