AWS Config

Question 1

What is AWS Config?

Answer 1

Managed service that provides you with AWS resource inventory, configuration history, and configuration change notifications that enable security and governance.

Question 2

What does AWS Config enable for compliance requirements?

Answer 2

• Compliance auditing
• Security Analysis
• Resource Tracking

Question 3

What does AWS Config provide for compliance and governance?

Answer 3

• Configuration snapshots

- Automated compliance checking

Question 4

True or false: AWS Config provides automated compliance checking through notifications when changes occur?

Answer 4

True.

Question 5

AWS Config is region specific; true or false?

Answer 5

True. AWS Config must be set up for each region as of 2019.

Question 6

in AWS Config, what is a Configuration item?

Answer 6

Point-in-time attributes of a resource

Question 7

in AWS Config, what is a configuration snapshot?

Answer 7

A collection of config items

Question 8

in AWS Config, what is a configuration stream?

Answer 8

A stream of changed config items

Question 9

in AWS Config, what is a configuration history

Answer 9

A collection of config items for a resource over time

Question 10

in AWS Config, what is a configuration recorder

Answer 10

The configuration of Config that records and stores config items

Question 11

Where are AWS Config Recorder logs stored?

Answer 11

S3

Question 12

True or false: When AWS Config detects a change, AWS Config Recorder sends notifications through SES?

Answer 12

False: Config changes are sent via SNS.

Question 13

Does AWS Config allows you to see resource types?

Answer 13

Yes

Question 14

True or false, AWS Config displays resource IDs?

Answer 14

True

Question 15

True or false, AWS Config cannot show compliance status?

Answer 15

False. AWS Config is used for compliance monitoring

Question 16

True or False: AWS Config Timeline displays Configuration details

Answer 16

True

Question 17

True or False: AWS Config Timeline displays relationships?

Answer 17

True

Question 18

True or False: AWS Config Timeline displays CloudWatch events?

Answer 18

False

Question 19

True or False: AWS Config Timeline displays changes made?

Answer 19

True

Question 20

True or False: AWS Config Timeline displays website performance metrics?

Answer 20

False

Question 21

True or False: AWS Config Timeline displays CloudTrail Events?

Answer 21

True

Question 22

True or False: AWS Config compliance checks have two kinds of triggers?

Answer 22

True

Question 23

What are the two types of AWS Config compliance triggers?

Answer 23

• Periodic

- Configuration snapshop delivery

Question 24

How many AWS managed rules exist

Answer 24

About 40

Question 25

Permission settings for AWS Config

Answer 25

• An IAM role with:
• • Read-only permissions to recorded resources,
• • Write access to S3 logging bucket
• • Publish access to SNS

Question 26

Should you give all users with monitor roles admin access to AWS Config?

Answer 26

No. Provide read-only access for day-to-day monitoring.

Question 27

Should AWS Config administrators be given read-only access to AWS Config?

Answer 27

No. Provide administrative access for AWS Config administrators.

Question 28

Should you check out the AWS Config FAQ?

Answer 28

Yes. https://aws.amazon.com/config/faq/