Section 18 - Account Management, Billing & Support Flashcards by andy olk

With AWS Organizations, the main account is called the master account and all of the other accounts are called

Grogu accounts
Smaller accounts
Child accounts
Bastard stepchildren accounts

child accounts

How well did you know this?

Not at all

Perfectly

All of the following are cost benefits of AWS Organization (choose three)

A - Aggregate costs (volume discounts offered for services for combined accounts)

B - Consolidated bill (one bill to cover the multiple accounts)

C - Annual discount (only charged for 10.5 months)

D - Reserved Instance resource can be shared amongst accounts (pooling of EC2 reserved instances for optimal savings)

E - Discount on RDS and Dynamo DB services

`A, B, & D

How well did you know this?

Not at all

Perfectly

AWS Organizations can restrict account privileges usings:

Service Command Protocol (SCP)
Service Control Policy (SCP)
Service Planning Cannery (SPC)
Account Control (AC)

Service Control Policy

How well did you know this?

Not at all

Perfectly

With AWS Organization, ___ is available to automate account creation:

API
Cheap labor
JSON scripting
Account Creation Tool (ACT)

API

How well did you know this?

Not at all

Perfectly

AWS Organizations - two strategies for multiple accounts are (choose two)

One account with multiple VPCs
Rotating accounts
Slingshot account manuevers
Multiple accounts

one account with multiple VPCs
multiple accounts

How well did you know this?

Not at all

Perfectly

AWS multi account strategy (choose two)

enable CloudTrail on just the main account and send logs to central S3 account

send CloudWatch logs to all accounts

send CloudWatch logs to central account

enable Cloudtrail on all accounts and send logs to the central S3 account

send CloudWatch logs to the central account
enable CloudTrail on all accounts and send logs to S3 on just the central account

How well did you know this?

Not at all

Perfectly

True or False - When using AWS Organizations, you can nest OUs inside of other OUs

True

How well did you know this?

Not at all

Perfectly

True or False:

Service Control Policies can be used to whitelist or blacklist IAM acionts

true

How well did you know this?

Not at all

Perfectly

Service Control Policy (SCP) can be applied at the following levels (choose two)

Bottom
Account
OU
Top

Account, OU

How well did you know this?

Not at all

Perfectly

Service Control Policy is applied to:

Only the root user
Only the non root users and some roles
all the Users and Roles (including Root)
all the kings horses and all the kings men

all the Users and Roles (including Root)

How well did you know this?

Not at all

Perfectly

SCP (Service Control Protocol) (does/does not) affect service-linked roles

does not

How well did you know this?

Not at all

Perfectly

Service-linked roles:

enable other AWS services to integrate with AWS Organizations
enable other AWS roles to integrate with bagels and butter
prevent other AWS services from integrating with AWS Organizations
are made of chain metal

enable other AWS services to integrate with AWS Organizations

How well did you know this?

Not at all

Perfectly

SCP (Service Control Protocol) (does/does not) apply to the Master Account

does not

How well did you know this?

Not at all

Perfectly

What is a typical use case for SCP (Service Control Protocol) - choose two

Enforce PCI compliance by explicitly disabling services
allow access to all services
restrict access to certain services (for example, can’t use EMR)
restrict access to accessing restrictions

enforce PCI compliance by explicitly disabling services
restrict access to certain services (for example, can’t use EMR)

How well did you know this?

Not at all

Perfectly

with Service Control Policy, how many levels OU can be created

three
five
two
ten

five

How well did you know this?

Not at all

Perfectly

Deny List
Allow List

A - Most restrictive. actions are prohibited by default, and you specify what services and actions are allowed

B - Default setting. which is actions are allowed by default, and you specify what services and actions are prohibited

Deny - B
Allow - A

How well did you know this?

Not at all

Perfectly

Deny List
Allow List

A - Most restrictive. actions are prohibited by default, and you specify what services and actions are allowed

B - Default setting. which is actions are allowed by default, and you specify what services and actions are prohibited

Deny - B
Allow - A

How well did you know this?

Not at all

Perfectly

Service Control Policies (SCP) apply

apply to internal users and roles and external users
apply to external users only
apply to external users and internal users named Fred
apply to internal users only, not to external users

apply to internal users only, not to external users

How well did you know this?

Not at all

Perfectly

By default, AWS Organizations attaches an AWS managed policy called ____ to all roots, OUs, and accounts.

ManagedAll
FullAWSAccess
AWSAccess
ManagedAWSAccess

FullAWSAccess

How well did you know this?

Not at all

Perfectly

The _______ deny is when the administrator has selected the Deny option for a permission for a user or group. This Deny takes precedence over all allowed settings

Example: If the administrator has set the Deny Read option on an object for a group, all members of that group are not able to read the object. If the administrator adds a user and gives them the Allow Read permission, if that user is a member of that group, they still are not able to read the object.

Implicit
Implied
Declined
Explicit

Explicit

How well did you know this?

Not at all

Perfectly

An _____ deny is when a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either.

Granting permission to an object is done by the administrator adding the user or group to the object’s Access Control List (ACL) and selecting the Allow option for the Read, Modify or Delete permissions. If the administrator does not add the user or group to the object or doesn’t select the Allow or Deny options for any of the permissions, the user or group is ____ denied the permission to the object.

if you have the Management group with Read permission to a file but you want to allow one user in the Management group to Modify the file, you can add the individual user to the files permission and select the Allow option for the Modify permission. Using this method allows the individual user to modify the file even though the group they are in only has the Read permission. An _____ deny only denies a permission until the user or group is allowed to perform the permission.

Implicit
Implied
Declined
Explicit

implicit

How well did you know this?

Not at all

Perfectly

Two benefits of Consolidated Billing (choose two)

combined usage (combine usage across all AWS accounts in AWS organization to share volume pricing, Reserved Instances, and Savings Plan discounts.

You get a 30% discount on the total bill

You get a 5% discount on the total bill

You get one bill for all AWS Accounts in the AWS Organization

combined usage (combine usage across all AWS accounts in AWS organization to share volume pricing, Reserved Instances, and Savings Plan discounts.

You get one bill for all AWS Accounts in the AWS Organization

How well did you know this?

Not at all

Perfectly

True or False

The management account can turn off Reserved Instances discount sharing for any account in the AWS Organization, including itself.

True

How well did you know this?

Not at all

Perfectly

An easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices

AWS Multi
AWS Organizations
AWS Control Tower
AWS MultiAccount

AWS Control Tower

How well did you know this?

Not at all

Perfectly

Just fyi - no question involved on this AWS Control Tower benefits - automate the set up of your environment in a few clicks - automate ongoing policy management using guardrails - detect policy violations and remediate them - monitor compliance through an interactive dashboard

n/a

Lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform. With this service, you can meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need. AWS Configure AWS Monitor AWS Service Catalog AWS Guardrail

AWS Service Catalog

Four difference pricing models: 1 - Pay as you go 2 - Save when you reserve 3 - Pay less using more 4 - Pay less as AWS grows A - volume based discounts B - pay for what you use, remain agile, responsive, meet scale demands C - minimize risks, predictably manage budgets, comply with long-term requirements D - nothing to say here lol

1 - B 2 - C 3 - A 4 - D

Reservations are available for (no correlating question) EC2 Reserved Instances DynamoDB Reserved Capacity ElastiCaste Reserved Nodes RDS Reserved Instance Redshift Reserved Nodes

n/a

Free services where you don't pay for the service but rather, for the resources created by the services (choose three) Elastic Beanstalk EC2 CloudFormation IAM Auto Scaling Group VPC

Elastic Beanstalk CloudFormation Auto Scaling Group

Two examples of free tier service: E2 large instance S3, EBS, ELB, AWS Data transfer (up to a certain amount) VPC E2 micro instance

S3, EBS, ELB, AWS Data transfer (up to a certain amount) E2 micro instance

On-demand instances have a minimum runtime of 1 second 10 seconds 6 seconds 60 seconds

60 seconds

On demand instances of Windows/Linux are charged per every second per every minute per every hour per every last breath of your dying body

per every second

on demand instances that are not Windows/Linux are charged per every second per every minute per every hour per every last breath of your dying body

Reserved instances require a commitment of either (choose two) one year one week three months three years

one year three years

How much discount it offered on Reserved Instances in comparison to on-demand 10% 33% 75% 25%

75%

How much discount it offered on Spot Instances in comparison to on-demand 90% 33% 75% 25%

90%

This type of instance is where you bid for the instance and could lose the instance should you be outbid by someone offering a higher price. Reserved Instance Bid Instance Blink instance Spot instance

Spot

Dedicated Host instances require a commitment of either (choose two) one year one week three months three years

one year three years

This type of instance runs on hardware dedicated to you Your Instance Just4You Instance Sole instance Dedicated Host

Dedicated host

This type of instance allows you to user your existing per-socket, or per-VM software license Dedicated Host Reserved Instance Spot Instance Savings Instance

Dedicated host

Dedicated host uses what type of billing (choose two) Annual costs Monthly On-demand Reserved for 1 or 3 years

on-demand reserved for 1 or 3 years

Can both be used to launch EC2 instances onto physical servers that are dedicated for your use (choose two) Dedication Mode Dedicated Hosts Dedicated Instances Dedicated Nodes

Dedicated Hosts Dedicates Instances

What are the pay factors for Lambda? (choose TWO) Per API call Per duration Per duration x amount of RAM utilized Per RAM utilized

per API call per duration x amount of RAM utilized

What are the pay factors for Fargate? pay for vCPU and memory resources allocated to your applications pay per gate pay per SSD pay per volume

pay for vCPU and memory resources allocated to your applications

When using A-____ there is no cost but when using a B-____, there is a cost incurred private IP default gateway internet gateway public IP

A - public IP B - private IP

What are the three types of Savings Plans Bridge Savings Plan EC2 Savings Plan Compute Savings Plan Power Savings Plan Machine Learning Savings Plan

EC2 Savings Plan Compute Savings Plan Machine Learning Savings Plan

EC2 Savings Plan offers up to __% discount compared to On-Demand 25% 50% 72% 80%

72%

Commit to a certain $ amount per hour for 1 or 3 years Capacity Reserved Instance On-Demand Reserved Instance Savings Plan

Savings Plan

Compute Plan offers up to __% discount compared to On-Demand 25% 50% 66% 80%

66%

Between the EC2 and Compute Savings Plan, which is more flexible?

Compute Savings Plan

Which plan pricing is regardless of Family, Region, Size, OS, tenancy, compute options EC2 Savings Plan Compute Savings Plan Versatile Savings Plan Machine Learning Savings Plan

Compute Savings Plan

Type of savings plan for machine learning services such as SageMaker Machine Learning Savings Plan SageMaker Savings Plan Macho Savings Plan EC2 Machine Savings Plan

Machine Learning Savings Plan

You can get an estimate pricing for your savings plan at the following URL: http://awsamazon/savingsplan.com https://aws.amazon.com/savingsplans/pricing https://awsamazon/savings-plan-pricing.com https://aws.amazon.com/savingspricingplan

http://aws.amazon.com/savingsplans/pricing

The Savings Plan is setup from the AWS Budget AWS Dashboard AWS Savings Console AWS Cost Explorer console

AWS Cost Explorer Console

Reduce costs and improve performance by recommending optimal AWS resources for your workloads. Uses Machine Learning to analyze your resources configurations and their utilization CloudWatch metrics AWS Analyzer AWS Deterministic AWS Compute Optimized AWS CloudAnalyze

AWS Compute Optimized

URL for AWS Pricing Calculator https://calculatorawscom.com https://calculator.aws https//aws.com/calculator https://calculator.aws.com

https://calculator.aws/

A way to estimate your costs in the cloud. AWS Estimator AWS PricingEstimate AWS Pricing Calculator AWS PriceWise

AWS Pricing Calculator

will show you all of the costs incurred for the month, the forecast and month to date AWS Billing Dashboard AWS Free Tier Dashboard AWS Billing Site AWS Cost Explorer

AWS Billing Dashboard

will show you all of the resources used under the free tier AWS Billing Dashboard AWS Free Tier Dashboard AWS Billing Site AWS Cost Explorer

AWS Free Tier

Cost and Usage Reports can be integrated and analyzed using (choose three) Athena RDS DynamoDB Redshift QuickSight MSWord

Athena Redshift QuickSight

Provides a more granular insight into your costs and usage by running a report that can be integrated and analyzed with Athena, Redshift, or QuickSight AWS Cost Explorer AWS Billing Dashboard AWS Costs and Usage Reports AWS Free Tier

AWS Cost and Usage Reports

Two types of tags Resource Freeze Merit Cost Allocation

Resource Cost Allocation

you can edit resource tags by Going to "Resource Groups and Tag Editor" and select "Tag Editor" Go to the Tag Dashboard Go to the Editor Dashboard Go to Cost Allocation tags

Going to "Resource Groups and Tag Editor" and select "Tag Editor"

Provides a more granular insight into your costs and usage by using a more visual overlay and including forecasting AWS Cost Explorer AWS Billing Dashboard AWS Costs and Usage Reports AWS Free Tier Reports

AWS Cost Explorer

True or False AWS Cost Explorer and AWS Cost and Usage are both very similar but AWS Cost Explorer provides a more visual representation while AWS Cost and Usage allows to run of various report

True

AWS Cost & Usage Reports (and AWS Cost Explorer) can run with which granularities (choose three)? minute second daily 15 minute interval hourly monthly

hourly daily monthly

If you're looking for a service that will allow you to forecast your bill for up to 12 months ahead, you would use: Cost & Usage Reports Cost Explorer Budgets Bill and Chills

Cost Explorer

Cost and Usage Reports take about how long to generate 1 hour 10 minutes 24 hours 60 minutes

24 hours

Billing data metric is stored in which region? us-west-2 us-central-1 us-east-1 us-north-2

us-east-1

What three types of Budget can be created? Usage Cost Service Instance Savings Plan Reservation

Usage, Cost, Reservation, Savings Plan

How many SNS notifications can be sent per budget? 10 5 1 100

What is the price structure for Budgets? Free Tier Always Free 2 budgets free, then $.02/day/budget $10/month

2 budgets free, then $.02/day/budget

Continuously monitors your cost and usage using ML to detect unusual spends AWS Anomaly AWS MLAnalysis AWS Cost Anomaly Detection AWS ML Anomaly

AWS Cost Anomaly Detection

AWS Cost Anomaly Detection monitors the following (select four) AWS Services AWS EC2 instances Member accounts S3 buckets Cost Allocation tag Cost categories

AWS Services Member Accounts Cost Allocation tags Cost categories

This service monitors all your quotas across AWS, you can get quota alerts via CloudWatch, and you can request quota increases directly from the console AWS Quotas AWS Quote Alarm AWS Service Quotas AWS Quato Alert

AWS Service Quotas

Service provides high level AWS account assessment. Will analyze your accounts and provide recommendation on 5 categories AWS Account Assessment AWS Account Overview AWS Trusted Advisor AWS Account Stock

AWS Trusted Advisor

Trust Advisor provides recommendations on five categories (Basic and Developer only get 7 specific checks whereas Business and Enterprise get all five): Size Speed Cost Optimization Fault Tolerance Legality Service Limits Performance Profitability Security

Cost Optimization Fault Tolerance Service Limits Performance Security

The Basic and Developer level accounts have access to how many Trusted Advisor core checks 1 5 7 10

Choose 3 (of the 7) Trusted Advisor core checks from the list below EBS Public Snapshots EFS filesystem Service Limits RDS integrity IAM Use (one IAM user minimum)

EBS Public Snapshots Service Limits IAM Use (one IAM user minimum)

Choose 3 (of the 7) Trusted Advisor core checks from the list below Security Groups - specific ports unrestricted (i.e SSH) EFS filesystem S3 Bucket permissions RDS integrity RDS Public snapshots

Security Groups - specific ports unrestricted S3 Bucket permissions RDS public snapshots

Choose 3 (of the 7) Trusted Advisor core checks from the list below EBS Public Snapshots EFS filesystem MFA on Root Account RDS integrity IAM Use (one IAM user minimum)

EBS Public Snapshots MFA on Root Account IAM Use (one IAM user minimum)

Choose 3 (of the 7) Trusted Advisor core checks from the list below EBS Public Snapshots EFS filesystem MFA on Root Account RDS public snapshot Organization integrity

EBS Public Snapshots MFA on Root account RDS public snapshot

Business and Enterprise accounts get access to the following from Trusted Advisor (choose three) The same 7 checks as Basic and Developer accounts Full checks (200+) available on the 5 categories 12 checks (7 + 5) Ability to set CloudWatch alarms when reaching limits CloudTrail alerts Programmatic Access using AWS Support API

Full checks available on the 5 categories Ability to set CloudWatch alarms when reaching limits Programmatic Access using AWS Support API

Which two accounts have access to the AWS Support API Basic Developer Business Enterprise

Business Enterprise

How many checks are provided by Trusted Advisor 7 10 20 over 200

over 200

What are the four different AWS support plans you can choose from? Basic Standard Developer DevOps Business Corporate Enterprise

Basic Developer Business Enterprise

What type of AWS Support does this describe Free Basic Developer Business Enterprise On-Ramp Enterprise

Basic

What type of AWS Support does this describe Greater of $29 or 3% of monthly AWS charges Basic Developer Business Enterprise On-Ramp Enterprise

Developer

What type of AWS Support does this describe Greater of $100 or 10% of monthly AWS charges for the first $0 - $10K 7% of monthly AWS charges from $10k - $80k 5% of monthly AWS charges from $80k - $250k 3% of monthly AWS charges over $250k Basic Developer Business Enterprise On-Ramp Enterprise

Business

What type of AWS Support does this describe Greater of $5,500 or 10% of monthly AWS charges Basic Developer Business Enterprise On-Ramp Enterprise

Enterprise On-Ramp

What type of AWS Support does this describe Greater of $15,000 or 10% of monthly AWS charges for the first $0 - $150K 7% of monthly AWS charges from $150k - $500k 5% of monthly AWS charges from $500k - $1M 3% of monthly AWS charges over $1M Basic Developer Business Enterprise On-Ramp Enterprise

Enterprise

What type of AWS Support does this describe - Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums. - AWS Trusted Advisor - access to the 7 core checks and guidance to provision your resources following best practices to increase performance and improve security - Personal Health Dashboard Basic Developer Business Enterprise On-Ramp Enterprise

Basic

What type of AWS Support does this describe - Basic Support Plan + - Business hours email access to Cloud Support Associates - Unlimited cases / 1 primary contact - Case severity / response times ==> general guidance < 24 business hours ==> System impaired: < 12 business hours Basic Developer Business Enterprise On-Ramp Enterprise

Developer

What type of AWS Support does this describe Intended to be used for production workloads Trusted Advisor - full set of checks & API access 24x7 phone, email, and chat access to Cloud Support Engineers Unlimited cases / unlimited contacts Access to infrastructure Event Management for additional fee - Case severity / response times ==> general guidance < 24 business hours ==> System impaired: < 12 business hours ==> Production system impaired < 4 hours ==> Production system down < 1 hour Basic Developer Business Enterprise On-Ramp Enterprise

Business

What type of AWS Support does this describe Intended to be used for production or business critical workloads All of Business Support Plan + Access to a pool of Technical Account Managers (TAM) Concierge Support Team (for billing and account best practices) infrastructure Event Management, Well-Architected & Operations Reviews - Case severity / response times ==> general guidance < 24 business hours ==> System impaired: < 12 business hours ==> Production system impaired < 4 hours ==> Production system down < 1 hour ==> Business-critical system down < 30 minutes Basic Developer Business Enterprise On-Ramp Enterprise

Enterprise On-Ramp

Intended to be used for production or mission critical workloads All of Business Support Plan + Access to designatedTechnical Account Managers (TAM) Concierge Support Team (for billing and account best practices) infrastructure Event Management, Well-Architected & Operations Reviews - Case severity / response times ==> general guidance < 24 business hours ==> System impaired: < 12 business hours ==> Production system impaired < 4 hours ==> Production system down < 1 hour ==> Business-critical system down < 15 minutes Basic Developer Business Enterprise On-Ramp Enterprise

Enterprise

Operate multiple accounts using AWS Multiple AWS Accounts AWS Organizations AWS ManyAccounts

AWS Organizations

To setup guardrails and restrict power, use AWS PowerLimit AWS SCP (service control policies) AWS Services AWS Fukitall

AWS SCP (service control policies)

Easily setup multiple accounts with best-practices AWS Organizations AWS Clock Tower AWS MultiAccounts AWS Legion

AWS Clock Tower

For easy resource management and billing, you can use Taggers Allocation Costs Use Tags & Cost Allocation Tag Tags, Tags and more Tags

Use Tags & Cost Allocation Tag

Choose four that represent IAM guidelines password policy reverse enginerring MFA most privilege least privilege password rotation

password policy MFA least privilege password rotation

Use this to record all resources configuration & compliance over time Compliance Config AWS Config AWS Comply AWS Configulrate

AWS Config

A ____ is a collection of AWS resources that you can manage as a single unit. Bundle Group Set Stack

stack

use to deploy stacks across accounts and regions AWS Max AWS ManyMove AWS Stars AWS Stacks

AWS Stacks

To record API calls made within your account use API Manager CloudTrails API Clouds CloudWatch

CloudTrails

If your account is compromised (choose three) Scream change root password delete and recreate account from backup rotate all passwords/keys contact AWS Support

change root password rotate all passwords/keys contact AWS Support

allows all users to create stacks defined by admins AWS Service Catalog AWS Stack Creator AWS Stack Service AWS Service Stack

AWS Service Catalog

recommends resources configurations to reduce costs Compute Minute Resource Compute Resource Recommend Compute Optimizer

Compute Optimizer

Difference between Budget and Cloudwatch alarms - 3pm - Budget can alarm you of forecasting over Budget, Cloud Watch can only alert if actually going over - The cost to use each service - Cloudwatch can alarm you of forecasting over Budget, Budget can only alert if actually going over

Budget can alarm you of forecasting over Budget, Cloud Watch can only alert if actually going over