Auditing, monitoring, logging

Question 1

What are the 6 pillars of the well architected framework?

Answer 1

1. Security
2. Cost Optimization
3. Performance Efficiency
4. Operational Excellence
5. Reliability
6. Sustainability

Question 2

What is the purpose of CloudWatch?

Answer 2

• Giving visibility to cloud resources and applications (number EC2 instances, S3 buckets etc)
• tracking metrics in dashboards
• storing logs from many sources
• Can trigger events with cloudWatchAlarms

Question 3

What is the purpose of CloudTrail?

Answer 3

• Giving insights about accountability for action taken in your account.
• Centralizes activity logs in an S3 bucket
• Tracks only APO activity in your AWS account
• is like a trail of breadcrumbs about who, did what into your account.

Question 4

What is the benefit of using tags on your AWS resources?

Answer 4

for example you can easily track what resource (Lambda, EC2, Bucket) is part of your production environment. So you can use this tags in CloudWatch to filter

Question 5

What is Systems Manager?

Answer 5

• A tool that is able to group resources on:
• AWS
• On-premises
• or on other cloud platforms
• You can take automated action on resource groups
• You can view aggregated operation data

Question 6

What does Systems Manager Parameter Store do?

Answer 6

Securely store sensitive data like:
- passwords
- database strings

Question 7

What does AWS health Dashboard show?

Answer 7

It show what AWS services and regions are doing good / have issues.

Besides the dashboard there is also a API so you can build own dashboards

Question 8

On what topics can Trusted Advisor give recommendations?

Answer 8

• performance
• Cost optimization
• Service Limits
• Fault tolerance
• Operational Excellence

Question 9

What are 7 free trusted advisor checks?

Answer 9

• Are there open security groups?
• Are you using IAM Users? (not only root user)
• MFA Enabled
• Service getting close to there limits
• no public RDS snapshots
• No publics EBS volume snapshots
• Check if S3 buckets don’t have open access

Question 10

Which 6 topics should you audit in AWS?

Answer 10

1. Data encrypted (in rest or transit)
2. secure CloudTrail logs
3. public access configured correctly
4. Resource provisioning
5. Network security
6. protected (log-in credentials)

Question 11

What does AWS Config do for you?

Answer 11

Backbone of all auditing configurations in AWS
- Leveraging pre-defined recommendations
- Detect non-compliant resources and alerts admin
- does not enforce standards but audits adherence

Question 12

What does Audit Manager do for you?

Answer 12

• Centralizes audit data
• Find root causes and generate reports
• Provides pre-built auditing frameworks (like HIPAA - NIST Cyber security, AWS best practices and many more)

Question 13

What does the AWS Well-architected Tool do?

Answer 13

Assess workloads, generate action plans to apply the AWS well-architected framework.

Question 14

What is Amazon Connect?

Answer 14

Creates a call center - cloud based contact center

Question 15

What is Amazon Workspaces?

Answer 15

create secured desktops for remote employees

Question 16

What is Amazon AppStream?

Answer 16

Converts application to SaaS for employees/ end-users