Governance

Question 1

What is AWS Audit Manager?

Answer 1

A tool that produces reports for PCI compliance, GDPR, etc.

Question 2

When would you use AWS Artifact?

Answer 2

To get AWS security and compliance-related info, e.g. compliance reports.

Question 3

TRUE or FALSE:
SCPs don’t apply to the management account.

Answer 3

TRUE

Question 4

When it comes to billing, what advantages does AWS Organizations provide?

Answer 4

• Only one bill for all accounts
• Take advantage of savings plans and discounts across accounts

Question 5

What is the best practice for where to store CloudTrail logs?

Answer 5

In one single account.

Question 6

What does AWS RAM do?

Answer 6

Allows you to share resources in one account with other accounts inside or outside your organisation.

No need to create duplicate copies in different accounts.

Question 7

What is the pricing model of AWS RAM?

Answer 7

It’s free

Question 8

Which AWS service would you use to check if your Reserved Instances or Savings Plans are under-utilized?

Answer 8

AWS Budgets

Question 9

Which AWS service would you use to let employees know that they are close to overspending?

Answer 9

AWS Budgets

Question 10

What simple method can you use to create very specific budgets?

Answer 10

Tags

Question 11

What does the Well-Architected Tool do?

Answer 11

Measures your architecture against AWS best practices.

Question 12

Which service provides guides for making your workloads more reliable, secure, efficient, and cost-optimised?

Answer 12

AWS Well-Architected Tool

Question 12

TRUE or FALSE:
The AWS Well-Architected Tool assists in documenting your architecture decisions.

Answer 12

TRUE

Question 13

What tool would you use to monitor the state of your infrastructure?

Answer 13

AWS Config

Question 14

TRUE or FALSE:
AWS Config can prevent non-compliant changes being made to your infrastructure.

Answer 14

FALSE
It’s only a monitoring tool, but it can integrate with EventBridge to make changes.

Question 15

TRUE or FALSE:
AWS Config is multi-region by default.

Answer 15

FALSE
You need to enable it in every region where you have resources you want to track.

Question 16

What’s the difference between Trusted Advisor and the Well-Architected Tool?

Answer 16

Trusted Advisor:
- Real-time operational insights
- Specific resource-level recommendations.
Well-Architected Tool
- Architectural reviews
- Strategic improvements

Question 17

What’s the only way to restrict what the root account can do?

Answer 17

By using a Service Control Policy

Question 18

TRUE or FALSE?
Trusted Advisor is strictly an auditing tool, it won’t make changes for you.

Answer 18

TRUE

Question 19

What’s the difference between AWS Artifact and Audit Manager?

Answer 19

Audit manager: For managing audits of your own AWS environment.

Artifact: A static repository of AWS’s own compliance reports.

Question 20

What is AWS Config?

Answer 20

An inventory management and control tool. Allows you to track your resources.