AWS Certified SysOps Administrator Official Study Guide. Cole Stephen
in your default region.
Review Questions
1. Which of the following is a dependency of the AWS CLI for Mac and Linux?
A. C++
B. Python
C. Java
D. .NET SDK
2. Which of the following AWS CLI output formats is best geared toward human viewing?
A. Table
B. JSON
C. Text
3. How can one split apart a long AWS CLI command line to make it more easily readable by the operator?
A. Use the semi-colon (;) between statements, with a newline after each backslash.
B. Press Enter after every three words, followed by the Enter key twice at the end of the statement.
C. Use backslashes (\) every few words, with a newline after each backslash.
D. Use the tab key between each word.
4. For which languages are AWS SDKs available? (Choose all that apply.)
A. Ruby
B. Basic
C. Perl
D. Python
E. Pascal
5. Which command can you run to find more information about the proper syntax and options for AWS IoT commands from the CLI?
A. aws help
B. aws-iot list-commands
C. aws iot help
D. aws --help
6. What does the waiter allow you to do in Boto?
A. Order a pool of Amazon EC2 instances to be delivered to your Auto Scaling group.
B. Delete all unused Security Groups in your Amazon Virtual Private Cloud (Amazon VPC).
C. Wait for ordered infrastructure to become available before continuing.
D. Automatically distribute Amazon S3 data across regions.
7. In which situation would you use the AWS IoT Device SDK?
A. To order AWS IoT Buttons
B. To create a new AWS account to use for IoT
C. As a dashboard for performing analytics upon your IoT messages
D. To simplify the process of connecting things to the AWS IoT service
8. For the CLI commands that accept formatted files as input, the input file must be in which of the following formats?
A. Text format
B. JSON
C. Comma Separated Values (CSV)
D. XML
E. HTML
9. Which option allows you to filter output?
A. --filter
B. --find
C. --sort
D. --query
10. In what file are your Access Key and Secret Key stored after executing the aws configure command?
A. config
B. credentials
C. profile
D. awskeys
Chapter 3
Security and AWS Identity and Access Management (IAM)
THE AWS CERTIFIED SYSOPS ADMINISTRATOR – ASSOCIATE EXAM TOPICS COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Domain 1.0: Monitoring and Metrics
✔ 1.1 Demonstrate ability to monitor availability and performance
Domain 6.0: Security
✔ 6.1 Implement and manage security policies
✔ 6.2 Ensure data integrity and access controls when using the AWS platform
✔ 6.3 Demonstrate understanding of the shared responsibility model
✔ 6.4 Demonstrate ability to prepare for security assessment use of AWS
Content may include the following:
■ AWS platform compliance
■ AWS security attributes (customer workloads down to physical layer)
■ AWS administration and security services
■ AWS Identity and Access Management (IAM)
■ Amazon Virtual Private Cloud (Amazon VPC)
■ AWS CloudTrail
■ Amazon CloudWatch
■ AWS Config
■ Amazon Inspector
■ Ingress vs. egress filtering and which AWS Cloud services and features fit
■ Core Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3) security feature sets
■ Incorporating common conventional security products (firewall, Virtual Private Network [VPN])
■ Distributed Denial of Service (DDoS) mitigation
■ Encryption solutions (e.g., key services)
■ Complex access controls (e.g., sophisticated security groups, Access Control Lists [ACLs])
Security on AWS
AWS delivers a scalable cloud computing platform with high availability and dependability that provides the tools to enable you to run a wide range of applications. These tools assist you in protecting the confidentiality, integrity, and availability of your systems and data.
The AWS Certified SysOps Administrator – Associate exam focuses on how to use the AWS tool set to secure your account and your environment. The Security domain is 15 percent of this exam!
Before we go into the details of how AWS secures its resources, we talk about how security in the cloud is different than security in your on-premises datacenters. When you move computer systems and data to the cloud, security responsibilities become shared between you and your Cloud Services Provider (CSP). In this case, AWS is responsible for securing the underlying infrastructure that supports the cloud, and you’re responsible for anything that you put on the cloud or connect to the cloud. This shared responsibility model can reduce your operational burden in many ways, and in some cases, it may even improve your default security posture without any additional action on your part.
The amount of security configuration work you have to do varies depending on which services you select and how you evaluate the sensitivity of your data. However, there are certain security features – such as individual user accounts and credentials, Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transmissions to encrypt data in transit, encryption of data at rest, and user activity logging – that you should configure no matter which AWS service you use.
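An added example, not from the study guide: a Python sketch that checks the four baseline features named above against JSON saved from the AWS CLI. The sample data is constructed, and the choice of which check stands for each feature (`aws iam get-account-summary`, `aws cloudtrail describe-trails`, `aws ec2 get-ebs-encryption-by-default`, and parsed S3 bucket policies) is an assumption of this example.

```python
# Added example: constructed data shaped like AWS CLI JSON output.
SAMPLE = {
    "account_summary": {"SummaryMap": {"AccountAccessKeysPresent": 1,
                                       "AccountMFAEnabled": 1}},
    "trails": {"trailList": [{"Name": "example-trail",
                              "IsMultiRegionTrail": False}]},
    "ebs_default": {"EbsEncryptionByDefault": True},
    "bucket_policies": {  # bucket name -> parsed policy, None if no policy
        "example-data": None,
        "example-logs": {"Statement": [{
            "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-logs/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    },
}


def enforces_tls(policy):
    """True if a bucket policy denies requests made without TLS."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be in a list
        statements = [statements]
    for stmt in statements:
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False


def baseline_gaps(account_summary, trails, ebs_default, bucket_policies):
    """List gaps in credentials, logging, at-rest and in-transit protection."""
    gaps = []
    summary = account_summary["SummaryMap"]
    if summary.get("AccountAccessKeysPresent", 0):
        gaps.append("credentials: root account has access keys")
    if not summary.get("AccountMFAEnabled", 0):
        gaps.append("credentials: root account has no MFA")
    if not any(t.get("IsMultiRegionTrail") for t in trails["trailList"]):
        gaps.append("logging: no multi-region CloudTrail trail")
    if not ebs_default.get("EbsEncryptionByDefault"):
        gaps.append("at rest: EBS encryption by default is off")
    for bucket, policy in sorted(bucket_policies.items()):
        if policy is None or not enforces_tls(policy):
            gaps.append(f"in transit: bucket {bucket} allows non-TLS requests")
    return gaps


if __name__ == "__main__":
    print("\n".join(baseline_gaps(**SAMPLE)))
```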
AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. Protecting this infrastructure is AWS's number one priority. Although you can’t visit our datacenters or offices to see this protection firsthand, we provide several reports from third-party auditors, which have verified our compliance with a variety of relevant computer security standards and regulations.