ACTUAL Questions and CORRECT Answers
Region - CORRECT ANSWER - Regions in AWS refer to geographical locations around
the world where AWS data centers are located. Each region is a separate geographic area that
consists of multiple availability zones. AWS regions allow users to deploy resources close to
their end-users or in specific geographic locations for compliance purposes.
AZ - CORRECT ANSWER - Availability Zones (AZs) in AWS are isolated locations
within a region for fault tolerance. They provide redundancy and scalability by ensuring
resources are spread across multiple data centers. AZs enable high availability, fault isolation,
load balancing, disaster recovery, and compliance with data residency requirements.
IAM - CORRECT ANSWER - IAM (Identity and Access Management) is AWS's service
for securely managing user access to resources. It controls permissions, supports auditing, and
integrates with other AWS services.
IAM Users - CORRECT ANSWER - Individuals or services granted access to AWS
resources. Managed via IAM, users have credentials and defined permissions. They can belong
to groups for easier management, and their access can be controlled and monitored through
policies for security and compliance.
IAM Groups - CORRECT ANSWER - Groups allow for easier management of
permissions by assigning policies to multiple users simultaneously. This simplifies access control
and ensures consistency across users with similar roles or responsibilities.
IAM Policies - CORRECT ANSWER - JSON documents defining permissions for IAM
users, groups, or roles. They specify what actions can be performed on which resources. Policies
can be attached to identities or resources, allowing fine-grained access control and security
management within AWS.
IAM MFA - CORRECT ANSWER - An extra layer of security for IAM users, requiring an
additional verification step beyond username and password, typically a temporary code from a
physical or virtual device. MFA strengthens account protection against unauthorized access.
Access Keys - CORRECT ANSWER - Credentials used by applications or users to access
AWS services programmatically. Consists of an access key ID and a secret access key. Access
keys are essential for authentication in API requests and should be kept secure.
SDKs - CORRECT ANSWER - Tools and libraries provided by AWS for developing
applications that interact with AWS services. SDKs are available in multiple programming
languages, facilitating seamless integration and simplifying the process of building, deploying,
and managing applications on AWS.
CLI - CORRECT ANSWER - A unified tool for managing AWS services from the
command line. It provides a set of commands for performing tasks such as managing resources,
configuring services, and automating workflows. The AWS CLI offers flexibility and efficiency
in interacting with AWS services programmatically.
AWS CloudShell - CORRECT ANSWER - A browser-based, interactive shell environment
provided by AWS. It offers a command-line interface pre-configured with AWS CLI and other
tools, enabling users to manage AWS resources directly from the browser without needing to
install or configure additional software.
IAM Roles for AWS Services - CORRECT ANSWER - IAM entities with temporary
credentials that AWS services assume to perform actions on your behalf. These roles enable
secure access and simplify permissions management for services like Lambda, EC2, and others,
enhancing security and reducing the need for long-term credentials.
IAM Security Tools - CORRECT ANSWER - AWS services and features used to enhance
the security of IAM (Identity and Access Management). These tools include IAM Access
Analyzer, IAM Policy Simulator, and IAM Credentials Report, providing insights, simulations,
and monitoring to help secure IAM configurations and permissions effectively.
IAM Best Practices - CORRECT ANSWER - These practices include implementing the
principle of least privilege, regularly reviewing and auditing permissions, enabling MFA, using
IAM roles for temporary access, and leveraging IAM policies and groups for centralized
management and consistency.
EC2 - CORRECT ANSWER - A web service that provides resizable compute capacity in
the cloud. It allows users to launch virtual servers (instances) and scale capacity up or down as
needed. EC2 instances can be used for a variety of computing tasks, from hosting websites to
running complex applications.
EC2 User Data - CORRECT ANSWER - A feature allowing users to pass metadata to EC2
instances during launch. This data can be scripts, commands, or configuration files, enabling
automated setup and customization of instances. Useful for tasks such as software installation,
configuration, and bootstrapping.
EC2 instance types - CORRECT ANSWER - t3.micro: Entry-level instance suitable for
low-traffic applications and testing.
m5.large: General-purpose instance offering balanced compute, memory, and networking
resources.
c5.xlarge: Compute-optimized instance designed for CPU-intensive workloads.
r5.large: Memory-optimized instance for memory-intensive applications and
databases.
p3.2xlarge: GPU-accelerated instance ideal for machine learning and graphics processing tasks.
Security Groups (EC2) - CORRECT ANSWER - Virtual firewalls controlling inbound and
outbound traffic for EC2 instances and other AWS resources. They act as a fundamental layer of
security, allowing users to define rules that permit or deny specific types of traffic based on
protocols, ports, and IP ranges.
Common EC2 Ports - CORRECT ANSWER - SSH (Secure Shell): Port 22
FTP (File Transfer Protocol): Port 21
SFTP (SSH File Transfer Protocol): Port 22 (uses SSH)
HTTP (Hypertext Transfer Protocol): Port 80
EC2 Instance Connect - CORRECT ANSWER - A feature allowing users to securely
access EC2 instances using the AWS Management Console or CLI without needing to manage
SSH keys manually. It leverages IAM policies for fine-grained control over who can access
instances, enhancing security and simplifying access management.
EC2 Instance Purchasing Options - CORRECT ANSWER - Users can choose between
On-Demand Instances (pay-as-you-go), Reserved Instances (discounted for long-term
commitments), Spot Instances (bid-based pricing), and Dedicated Hosts (physical servers for
compliance). Each option offers different pricing models and flexibility based on workload
requirements and budget constraints.
Spot Instances - CORRECT ANSWER - AWS EC2 instances available at significantly
reduced prices compared to On-Demand instances. Users bid for spare capacity, and if the bid
price exceeds the Spot price, instances are terminated with a two-minute notice. Spot Instances
are suitable for fault-tolerant, flexible, and cost-effective workloads.
Spot Fleet - CORRECT ANSWER - A feature allowing users to provision a collection of
Spot Instances, On-Demand Instances, and optionally Reserved Instances or Scheduled
Instances, within a single request. Spot Fleets help optimize costs and availability by combining
various instance types and pricing models to meet workload requirements efficiently.
EC2 Launch Types - CORRECT ANSWER - On-Demand Instances: Pay-as-you-go
pricing with no long-term commitments.
Reserved Instances: Discounted pricing for 1- or 3-year commitments.
Spot Instances: Bid-based pricing for spare AWS capacity, offering potential cost savings.
Dedicated Hosts: Physical servers dedicated to your use, offering compliance and licensing
benefits.