Governance

Question 1

What is needed for creating AWS Organizations

Answer 1

Logging Account (which will hold S3 buckets for logging to Cloudtrail)

Primary Account for using for consolidated billing

Question 2

How to create Global Policy for accounts in AWS Organizations and only way to restrict what root account can do

Answer 2

Service Control Policy (SCP)

Question 3

How to Share RIs across multiple accounts

Answer 3

AWS Organizations
&
AWS RAM

Question 4

Free service that allows you to share AWS resources with other accounts such as VPC and Transit Gateways

Answer 4

AWS RAM

Question 5

TRUE or FALSE AWS RAM can only share resources with accounts in your AWS Organization

Answer 5

False, can also do it with accounts that are outside your org

Question 6

If you need to share resources in the same region which AWS service should you use?

Answer 6

AWS RAM

Question 7

If you need to share VPC resources cross-regionally what should you use?

Answer 7

VPC Peering

Question 8

If I have a temp employee that needs access across my AWS accounts what can I do?

Answer 8

Give them temporary Role access

Question 9

Inventory Management and control tool to see what you have in your AWS account, enforce standards, and notify you when state of architecture changes

Answer 9

AWS Config

Question 10

3 Key functionalities of AWS Config

Answer 10

Query resources

Create Rules to enforce what is happening (prevent public S3 buckets) for compliance

Can tell history of env

Question 11

TRUE or FALSE AWS Config Rules can have remediation steps taken automatically

Answer 11

True, can setup Automation Documents or use Lambda

Question 12

Fully managed AD service for when we want to migrate everything to AWS for AD management

Answer 12

Microsoft AD

Question 13

Fully managed AD for when we want to leave AD on-prem

Answer 13

AD Connector

Question 14

Easy to use tool that allows us to visualize our cost in reports and can allocate costs on resource tags

Answer 14

AWS Cost Explorer

Question 15

Service I can use to forcast how much I will spend based on my billing history.

Answer 15

AWS Cost Explorer

Question 16

Allows Organizations to easily plan and set expectations across cost, allocate spend, and can set alerts when getting close to budget.

Answer 16

AWS Budgets

Question 17

4 types of budgets that can be used with AWS Budgets

Answer 17

Cost Budgets
Usage Budgets
Reservations Budget
Savings Plan Budgets

Question 18

Where does AWS CUR publish billing reports as CSV

Answer 18

To centralized S3 bucket

Question 19

How can costs be broken down in AWS CUR

Answer 19

time span,
service and resource
tag

Question 20

AWS service that has most comprehensive set of cost and usage data

Answer 20

AWS CUR (Cost and Usage Reports)

Question 21

What services does AWS CUR integrate with?

Answer 21

Athena
Redshift
Quicksight

Question 22

Services that work with AWS Compute Optimizer Resources

Answer 22

EC2
ASG
EBS
Lambda

Question 23

Supported Account types with AWS Compute Optimizer Resources

Answer 23

Standalone
Member Account
Management Account in an Organization

Question 24

Compatibile service with AWS Compute Savings Plans

Answer 24

EC2, Lambda, and Fargate

Question 25

How to get higher savings plan if just want to save with EC2 instances not necessarily other Compute resources

Answer 25

EC2 Instance Savings

Question 26

Save $$ on Sage Maker

Answer 26

SageMaker Savings

Question 27

What does AWS Compute Optimizer offer?

Answer 27

Recommendations based on usage metrics in your account

Question 28

What are 5 things Trusted Advisor checks for

Answer 28

cost optimization, preformance security, fault tolerance service limit checks

Question 29

Is Trusted Advisor a Paid service?

Answer 29

No, although you get some checks out of the box for free some are paid

Question 30

How to set up alerts with Trusted Advisor?

Answer 30

SNS, and can use Eventbridge and Lambda to address problems

Question 31

Orchastration service that automates account creation and security controls and monitor account usage which is an extension of AWS Organizations

Answer 31

AWS Control Tower

Question 32

High level rules provide continous governance of AWS ENV created with Control Tower

Answer 32

Guardrails

Question 33

Automated deployments of templates in either Org unit or Org using config rules can be done with which AWS Service

Answer 33

AWS Control Tower

Question 34

How to manage Licenses in AWS in a centralized way and control visibility and usage of licenses across services

Answer 34

AWS License Manager

Question 35

Provides visibility of resources, preformance, and availability of AWS services in AWS Accounts and attempts to give you timely alerts for preventions of potential problems

Answer 35

AWS Health

Question 36

Dashboard showing all public health events going on in AWS

Answer 36

AWS Health Dashboard

Question 37

Allows orgs to create managed catalogs of approved IT services that can be centralized managed with Orgs

Answer 37

AWS Managed Catalogs

Question 38

What is a Catalog Template behind the scenes (which AWS Service)

Answer 38

CloudFormation Template

Question 39

AWS Service that manages infrastructure and deployment tooling of applications IaC of serverless and container architectures

Answer 39

AWS Proton

Question 40

Which template are supported with AWS Proton

Answer 40

Cloudformation Teraform

Question 41

6 Pillars of Well-Architected Framework

Answer 41

Operational Excellence Reliability Security Preformance Efficency Cost Optimization Sustainability

Question 42

Service that provides a consistent process that measures cloud architecture against 6 pillars

Answer 42

AWS Well-Architected Tool

Question 43

What Service can be used to preform vulnerability scans on EC2 servers?

Answer 43

AWS Inspector