❎
TutorialsDojo Wrong Answers
  • Points to remember for the exam
  • Jon Bonso (TutorialsDojo) Test Scores
  • Test 1 (70%)
    • Tracking Policies
    • Run an ECS Task When a File is Uploaded to an S3 Bucket using CloudWatch Events
    • Choosing the right Partition Key
    • Choosing the right EBS volume type
    • Throttle API requests for better throughput
    • Optimizing high availability with CloudFront origin failover
    • Storage Gateway vs FSx
    • RDS Read Replicas vs Multi-AZ Deployments
    • RDS Enhanced Monitoring & CloudWatch
    • Lifecycle Policies
    • Redshift enhanced VPC routing
    • Querying external data using Amazon Redshift Spectrum
    • How to Connect Your On-Premises Active Directory to AWS Using AD Connector
    • NAT Gateways
    • EC2 Auto Scaling
    • IAM database authentication for MySQL and PostgreSQL
    • SUMMARY
  • Test 2 (69%)
    • Synchronous & Asynchronous Lambda
    • S3 Static Website Hosting & CloudFront
    • Shard Iterator Expires Unexpectedly
    • Bastion Host Architecture
    • CodeDeploy deployment types
    • Route 53 Geolocation vs Route 53 Geopriximity vs CloudFront geo-restriction
    • VPC IP Addresses
    • SQS Message Retention
    • Routing traffic to a website that is hosted in a S3 bucket
    • Choosing the right EBS volume type
    • EBS Volumes Facts
    • Auto Scaling Group Cooldown Period
    • Monitoring memory and disk metrics for EC2 instances
    • Geoproximity vs Geolocation
    • VPC Endpoints
    • Edge to edge routing
    • Temporary security credentials in IAM
    • Configuring instances in different subnets to communicate to each other
    • SUMMARY
  • Test 3 (66%)
    • S3 Consistency
    • Selling in the Reserved Instance Marketplace
    • DDoS Mitigation
    • Managing Throughput Capacity Automatically with DynamoDB Auto Scaling
    • Kinesis Data Streams
    • S3 Single PUT Limit
    • CloudFormation Resource Attributes
    • Redshift
    • S3 Glacier Provisioned Capcity
    • Launch Configurations
    • Active-active and active-passive failover
    • File Gateway vs Volume Gateway
    • EC2 Instance Store Lifetime
    • RDS Backups for over 35 days
    • Simple Workflow Service (SWF)
    • EC2 Service Limits
    • Restricting Access to S3 Content by using an Origin Access Identity (OAI)
    • NACL Rules
    • Cross-account access to objects that are stored in S3 buckets
    • S3 Encryption
    • SUMMARY
  • Test 4 (82%)
    • Importing an SSL/TLS Certificate
    • S3 Network Costs
    • Step Functions vs SWF
    • EBS Performance vs S3
    • Global Accelerator
    • Provisioned IOPS SSD Volumes
    • SWF
    • RAID 0 vs RAID 1
    • RDS Enhanced Monitoring
    • AWS X-Ray
    • VPC Security Groups
    • Federating users by creating a custom identity broker application
    • SUMMARY
  • Test 5 (72%)
    • AWS Storage Gateway Hardware Appliance
    • General Purpose SSD volumes (gp2)
    • SQS short and long polling
    • EFA vs ENA vs ENI vs ParallelCluster
    • Auto Scaling lifecycle hooks
    • High availability for Aurora
    • Redshift vs Aurora
    • CloudFormation Outputs
    • Setting Up Route 53 Zone Apex Support with a Load Balancer
    • What is encrypted in EBS?
    • Systems Manager Run Command
    • Establish a connection to your EC2 instance
    • IAM
    • Amazon WorkSpaces
    • Usability of EBS Volumes while Snapshots are being created
    • Access logs for your ELBs
    • API Gateway HTTPS Endpoint
    • "Server refused our key" error
    • SUMMARY
  • Test 6 (78%)
    • Managing how long content stays in the cache (expiration)
    • Troubleshooting instance launch issues
    • Enhanced networking on Linux Instances
    • Best practices for working with MySQL storage engines
    • Replication with Aurora
    • Using Lambda with Kinesis
    • Inter-Region VPC Peering
    • Multi-AZ Cost Optimization
    • RDS Multi-AZ Deployments
    • RDS encryption in-transit (SSL)
    • Require that objects grant the bucket owner full control
    • Identity Federation
    • Enabling internet access in a VPC
    • Endpoint groups for standard accelerators in Global Accelerator
    • SUMMARY
  • Final Test
    • SQS FIFO + SWF
    • Bastion Host Login
    • Redshift Cross-Region Snapshots
    • Default VPC vs Non-default VPC DNS
    • Customer Gateway
    • Bucket owner granting cross-account bucket permissions
Powered by GitBook
On this page

Was this helpful?

  1. Test 6 (78%)

Identity Federation

  • SAML 2.0 - An open federation standard that allows an identity provider (IdP) to authenticate users and pass identity and security information about them to a service provider (SP). Users authenticate with the IdP once using a single set of credentials, and then get access to multiple applications and services without additional sign-ins.

  • Active Directory Federation Services (AD FS) - It authenticates the user against Active Directory and temporary credentials are returned using STS AssumeRoleWithSAML.

  • Custom Identity Broker - Write code to create a URL that lets users who sign in to your organization's network securely access the AWS Management Console. Used if your identity store is not compatible with SAML 2.0.

  • Web Identity Federation - Users of your app can sign in using a well-known external identity provider (IdP), such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP.

  • Cognito - Preferred way to use web identity federation.

PreviousRequire that objects grant the bucket owner full controlNextEnabling internet access in a VPC

Last updated 4 years ago

Was this helpful?