Question : QuickTechie.com sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?
1. Load Balancer IP 2. EC2 instance IP 3. S3 bucket name 4. Random string
Correct Answer : 2
Explanation: Elastic Load Balancing access logs capture detailed information for all the requests made to the load balancer. Elastic Load Balancing publishes a log file from each load balancer node at the interval that the user has specified. The load balancer can deliver multiple logs for the same period. Elastic Load Balancing creates log file names in the following format:
    {Bucket}/{Prefix}/AWSLogs/{AWS AccountID}/elasticloadbalancing/{Region}/{Year}/{Month}/{Day}/{AWS Account ID}_elasticloadbalancing_{Region}_{Load Balancer Name}_{End Time}_{Load Balancer IP}_{Random String}.log
Question : HadoopExam.com sysadmin has created a queue named "awsmodule" with SQS for getting info on new learners. One of the consumers of the queue is down for 3 days and then becomes available. Will that component receive messages from the queue?
1. Yes, since SQS by default stores message for 4 days 2. No, since SQS by default stores message for 1 day only 3. No, since SQS sends message to consumers who are available that time 4. Yes, since SQS will not delete message until it is delivered to all consumers
Correct Answer : 1
SQS allows the user to move data between distributed components of applications so they can perform different tasks without losing messages or requiring each component to be always available. Queues retain messages for a set period of time. By default, a queue retains messages for four days. However, the user can configure a queue to retain messages for up to 14 days after the message has been sent.
Question : QuickTechie.com has set up multiple IAM users. The organization wants each IAM user to access the IAM console only from within the organization and not from outside. How can it achieve this?
1. Create an IAM policy with the security group and use that security group for AWS console login 2. Create an IAM policy with a condition which denies access when the IP address range is not from the organization 3. Configure the EC2 instance security group which allows traffic only from the organization's IP range 4. Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console
Correct Answer : 2
Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on many other parameters. If the organization wants the user to access only from a specific IP range, they should set an IAM policy condition which denies access when the IP is not in a certain range. E.g. the sample policy given below denies all actions when the request's source IP is not in one of the listed ranges:
    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
          "NotIpAddress": {
            "aws:SourceIp": ["10.10.10.0/24", "20.20.30.0/24"]
          }
        }
      }]
    }
1. As he is not an owner, he cannot delete the object from the bucket. 2. He can do all the operations on the bucket 4. The IAM user can perform all operations on the bucket using only API/SDK