Lec 2nd

Q-11 A company is defining its AWS multi-account

strategy. The company needs to control access to AWS
services and needs to consolidate billing across accounts.
Which AWS service should the company use to meet
these requirements?
A. AWS organizations
B. AWS Identity and Access Management(IAM)
C. AWS Billing and cost Management
D. Amazon Cognito

A. AWS organizations:-
Introducing AWS Organizations: AWS Organizations offers policy-based
management for multiple AWS accounts. Learn how Organizations helps you
more easily manage policies for groups of accounts and automate account
creation.
How it works: AWS Organizations lets you create new AWS accounts at no
additional charge. With accounts in an organization, you can easily allocate
resources, group accounts, and apply governance policies to accounts or
groups.

Benefits of AWS Organizations:-

 1. Quickly scale your environment by programmatically creating new AWS
accounts for your resources and teams at no additional charge.
2. Simplify user-based permission management to give teams the
freedom to build while staying within targeted governance boundaries
3. Manage and optimize costs across yours AWS accounts and resources
4. Centrally secure and audit your environment across all of your AWS
accounts

Use Cases:
1. Automate AWS account creation
2. Enable proactive protection with a dedicated security group
3. Ensure user access to designated resources
4. Share common resources across accounts

B. AWS Identity and Access Management(IAM):-

Why use IAM?
Use AWS Identity and Access Management (IAM) to manage and scale
workload and workforce access securely supporting your agility and innovation
in AWS.
How it works:- With AWS Identity and Access Management (IAM), you can
specify who or what can access services and resources in AWS, centrally
manage fine-grained permissions, and analyze access to refine permissions
across AWS.

Benefits of IAM:-
1. Set permission guardrails and fine-grained access
2. Manage workload and workforce identities across your AWS accounts
 3. Use temporary security credentials and permission sets to access your
AWS resources
4. Analyze access and validate IAM policies as you move toward least
privilege

Use cases:-
1. Apply fine-grained permissions and scale with attribute-based access
control
2. Manage per-account access or scale access across AWS accounts and
applications
3. Establish organization-wide and preventative guardrails on AWS
4. Set, verify, and right-size permissions toward least privilege

C. AWS Billing and cost Management:-

AWS Billing and Cost Management is a web service that provides features
that helps you pay your bills and optimize your costs. Amazon Web
Services bills your account for usage, which ensures that you pay only for
what you use.

D. Amazon Cognito:-
Introduction to Amazon Cognito:- Amazon Cognito processes more than
100 billion authentications per month. The service helps you implement
customer identity and access management (CIAM) into your web and mobile
applications. You can quickly add user authentication and access control to
your applications in minutes.

Benefits of Amazon Cognito:-

1. Frictionless, customizable customer IAM
2. Advanced security features for sign-up and sign-in
3. High- performing, scalable user directory .
4. Standards-based ,federated sign-in capabilities
How it works:- With Amazon Cognito, you can add user sign-up and sign-in
features and control access to your web and mobile applications. Amazon
Cognito provides an identity store that scales to millions of users, supports
social and enterprise identity federation, and offers advanced security features
to protect your consumers and business. Built on open identity standards,
Amazon Cognito supports various compliance regulations and integrates with
frontend and backend development resources.

Use cases:-
1. Engage customers with flexible authentication
2. Managa B2B identities
3. Secure machine-to-machine authentication
4. Get role-based access to AWS resources
Q13. A company wants to migrate to the AWS Cloud. The
company needs the ability to acquire resources when the
resources are necessary. The company also needs the ability
to release those resources when the resources are no longer
necessary. Which architecture concepts of the AWS Cloud
meets these requirements.
A. Elasticity
B. Availability
C. Reliability
D. Durability

A. Elasticity:- The ability to acquire resources as you need them and release
resources when you no longer need them. In the cloud, you want to do this
automatically.
B. Availability:- The percentage of time that a workload is available for use
where “available for use” means that it performs its agreed function when
required. Availability (also known as service availability ) is a commonly
used metric to quantitatively measure reliability
C. Reliability:- The ability of a workload to perform its intended function
correctly and consistently when it’s expected to. This includes the ability to
operate and test the workload through its total lifecycle.
D. Durability:- The ability of a system to remain functional when faced with
the challenges of normal operation over its lifetime.

Q14. An ecommerce company wants to provide relevant

product recommendations to its customers. The
recommendations will include products that are frequently
purchased with other products that the customer has already
purchased. The recommendations also will include products of a
specific color and products from the customer’s favorite brand.
Which AWS service or feature should the company use to meets
these requirements with the LEAST development effort?
 A. Amazon comprehend.
B. Amazon forecast.
C. Amazon personalize.

1. Amazon comprehend:- Derive and understand valuable insights from text

within documents.

How it works:- Amazon Comprehend is a natural-language processing (NLP)

service that uses machine learning to uncover valuable insights and
connections in text.

Use cases:-
1. Mine business and call center analytics
2. Index and search product reviews
3. Legal briefs management
4. Process financial documents

2. Amazon forecast:- Forecast business outcomes easily and accurately using

machine learning.

How it works:- Amazon Forecast is a time-series forecasting service based

on machine learning (ML) and built for business metrics analysis.
Use cases:-
1. Retail and inventory forecasting
2. Workforce planning
3. Travel demand forecasting

3. Amazon personalize:-

Why Amazon Personalize?

Amazon Personalize accelerates your digital transformation with ML,
making it easier to integrate personalized recommendations into existing
websites, applications, email marketing systems, and more.
How it works:
Amazon personalize allows developer to quickly build and deploy curated
recommendation and intelligent user segmentation at scale using machine
learning (ML). because Amazon Personalize can be tailored to your
individual needs, you can deliver the right customer experience at the right
time and in the right place. You can now use Amazon Personalize and
generative AI powered capabilities to quickly create hyper-personalization
experiences for your users.
Use cases:-
1. Optimize recommendations
2. Target customers more accurately
3. Maximize your data’s value
4. Promote items using business rules

Q15. Which AWS services provide encryption at rest for

Amazon RDS and for amazon Elastic Block
Store(Amazon EBS) volumes?
A. AWS Lambda
B. AWS key Management Service (AWS KMS)
C. AWS WAF

1. AWS Lambda:- Run code without thinking about servers or clusters

Why Lambda?
AWS Lambda is a compute service that runs your code in response to events
and automatically manages the compute resources, making it the fastest way
to turn an idea into a modern, production, serverless applications.
How it works:- AWS Lambda is a serverless, event-driven compute service that
lets you run code for virtually any type of application or backend service
without provisioning or managing servers. You can trigger Lambda from over
200 AWS services and software as a service (SaaS) applications, and only pay
for what you use.

AWS for every application:- AWS Lambda, a serverless compute service,

executes your code in response to events, handling compute resources for you.
Discover how AWS's comprehensive set of infrastructure capabilities and
services enables rapid and cost-effective modern applications development.
Use cases:-
1. Quickly process data at scale
2. Run interactive web and mobile backends
3. Enable powerful ML insights
4. Create event-driven applications

B. AWS key Management Service (AWS KMS):- Create and control keys used
to encrypt or digitally sign your data.
How it works:- AWS Key Management Service (AWS KMS) lets you create,
manage, and control cryptographic keys across your applications and AWS
services.
 What is AWS KMS?
Use AWS KMS to encrypt data across your AWS workloads, digitally sign data,
encrypt within your applications using AWS Encryption SDK, and generate and
verify message authentication codes (MACs).
AWS Key Management Service features:-
Overview:- AWS Key Management Service (KMS) gives you centralized control
over the cryptographic keys used to protect your data. The service is integrated
with other AWS services making it easier to encrypt data you store in these
services and control access to the keys that decrypt it. AWS KMS is also
integrated with AWS CloudTrail, which helps you audit who used which keys, on
which resources, and when. AWS KMS helps developers to more easily add
encryption or digital signature functionality to their application code either
directly or by using the AWS SDK. The AWS Encryption SDK supports AWS KMS
as a key provider for developers who need to encrypt/decrypt data locally
within their applications. इसके आगे और भी है website से दे ख लेना gandu
…

Use cases:-
1. Protect your data at rest
2. Encrypt and decrypt data
3. Sign and verify digital signatures
4. Build secure multi-tenant databases

C. AWS WAF:- Protect your web applications from common exploits

How it works:- AWS WAF helps you protect against common web exploits and
bots that can affect availability, compromise security, or consume excessive
resources.
Why AWS WAF?
With AWS WAF, you can create security rules that control bot traffic and block
common attack patterns such as SQL injection or cross-site scripting (XSS).

Q16. Which AWS service is deployed to VPCs and

provides protection from common network threats?
A. AWS shield
B. AWS WAF – हो चुका है ऊपर वाले question मे
C. AWS network firewall
D. AWS firewall manager

A. AWS shield:-
Maximize application availability and responsiveness with managed
DDoS protection
How it works:- AWS Shield is a managed DDoS protection service that
safeguards applications running on AWS.
Why AWS Shield?
AWS Shield Advanced is a tailored protection program that identifies threats
using exabyte-scale detection to aggregate data across AWS.

Use cases:-
1. Automatically scrub bad traffic at specific layers
2. Minimize application downtime and latency
3. Monitor and protect up to 1,000 resource types

C.AWS network firewall:-

Deploy network firewall security across your VPCs
Why AWS Network Firewall?
With AWS Network Firewall, you can create firewall rules that provide fine-
grained control over network traffic and easily deploy firewall security across
your VPCs.
How it works:-
With AWS Network Firewall, you can define firewall rules that provide fine-
grained control over network traffic. Network Firewall works together with
AWS Firewall Manager so you can build policies based on Network Firewall
rules and then centrally apply those policies across your virtual private clouds
(VPCs) and accounts.
Benefits of AWS Network Firewall:-
1. Automatically scale your network firewall to protect your managed
infrastructure
2. Protect your unique workloads with a flexible engine that can define
thousands of custom rules
3. Centrally manage security policies across existing accounts and VPC’s
and automatically enforce mandatory policies on new accounts
Use-cases:-
1. Inspect traffic flows using features such as inbound encrypted traffic
inspection, stateful inspection, protocol detection, and more.
2. Deploy outbound traffic filtering to prevent data loss, help meet
compliance requirements, and block known malware communications.

D. AWS firewall manager:-

Centrally configure and manage firewall rules across your accounts

How it works:-
AWS Firewall Manager is a security management service that allows you to
centrally configure and manage firewall rules across your accounts and
applications in AWS Organizations. As new applications are created, Firewall
Manager makes it easier to bring new applications and resources into
compliance by enforcing a common set of security rules.
 Use cases:-
1. Protect applications hosted on EC2 instances
2. Deploy tools at scale to protect data
3. Continually audit resources

Q17. A company has an environment that includes

Amazon EC2 instances . Amazon Lightsail , and on
premises server. The company wants to automate the
security updates for its operating system and
applications. Which solution will meet these
requirements with the LEAST operational effort?
A. Use AWS shield to identify and manage security events
B. Connect to each server by using a remote desktop connection.
Run an update script. समझ मे नह ीं आया मुझे एक बार अपने हहसाब से दे ख लेना
C. Use the AWS System Manager Patch Manager capability
D. Schedule Amazon Guad Duty to run on a nightly basis

A. Use AWS shield to identify and manage security events :-

हो चुका है no 16 मे .......

C. Use the AWS System Manager Patch Manager capability

https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html
इस ललींक पे जाना दे ख लेना अपने हहसाब से

D. Schedule Amazon Guad Duty to run on a nightly basis:-

 Protect your AWS accounts, workloads, and data with intelligent
threat detection

What is Guard Duty?

Amazon guard Duty combines ML and integrated threat intelligence from
AWS and leading third parties to help protect your AWS accounts, workloads,
and data from threats.

How it works:- Amazon guard Duty is a threat detection service that

continuously monitors your AWS accounts and workloads for malicious activity
and delivers detailed security findings for visibility and remediation.

Benefits of guard Duty:-

1. Keep your accounts, workloads, and data secure by continuously
monitoring for potential threats across your AWS environment.
2. Expose threats quickly using anomaly detection, machine learning (ML),
behavioural modelling, and threat intelligence feeds from AWS and
leading third parties.
3. Accurately detect and respond to threats earlier, helping you detect
them before they escalate to broader business-impacting events.
4. Scale threat detection across all accounts in your AWS environment
without requiring manual effort or third-party tooling.
5. Safeguard your accounts, data, and resources across various AWS
compute types, spanning Amazon Elastic Compute Cloud (Amazon EC2),
 serverless workloads, and container workloads—including those on AWS
Faregate.

Guard Duty for AWS workload protection:-

1. Guard Duty S3 protection

2. Guard Duty EKS protection
3. Guard Duty EKS Runtime Monitoring
4. Guard Duty ECS Runtime Monitoring
5. Guard Duty EC2 Runtime Monitoring
6. Guard Duty Malware Protection
7. Guard Duty RDS Protection
8. Guard Duty Lambda Protection

Use cases:-
1. Detect suspicious activity in your generative AI workload
2. Accelerate investigations and automate remediation
3. Protect against ransomware and other types of malwares
4. Centralize threat detection for AWS container workloads
5. More easily meet compliance requirements, like PCI DSS