Governance

Question 1

What is Organizations?

Answer 1

A free governance tool that allows you to create and manage multiple AWS accounts. With it, you can control your accounts from a single location rather than jumping from account to account.

Question 2

What is a Logging Account?

Answer 2

This is a best practice around setting up an account that is specifically dedicated to logging by using cloud trail for logging aggrigation

Question 3

What is AWS RAM?

Answer 3

Resource Access Manager

Is a free resource that lets multiple accounts in an organization share resources.

Question 4

What resources can you share using RAM?

Answer 4

1) Transit gateways
2) Li

Question 5

What is Cross-Account Role Access?

Answer 5

Set up an AWS account to give users across the organization access to multiple accounts.

Question 6

Where is the account ID placed when setting up cross-account role access?

Answer 6

In the role trust policy.

Question 7

Which tool allows you to visualize your AWS spend?

Answer 7

Cost Explorer

Question 8

Which tool allows developers to deploy full application stacks using approved Infrastructure as Code deployments for their container-based and serverless applications?

Answer 8

AWS Proton

Question 9

What AWS service allows you to consolidate CloudTrail Logs from multiple accounts?

Answer 9

Organizations

Question 10

Which of the following statements is the most accurate statement about AWS Config’s abilities?

A) Config can be used to terminate old RDS databases and shut down public S3 bucket replication to SQS.

B) Config can be used to track AWS resources and enforce best practices.

C) Config can be used to audit IAM usage and message admins if violations are found.

D) Config can be used to scale EC2 instances and turn up the tunes.

Answer 10

B) Config can be used to track AWS resources and enforce best practices.

Question 11

You need to generate daily reports with a detailed breakdown of your AWS Organizations costs and then store them as CSV files in Amazon S3. Which service would be the best fit?

Answer 11

AWS Cost and Usage Reports

Question 12

Which service provides an abstracted means of leveraging AWS services to automate the deployment and governance of new AWS accounts within a multi-account AWS organization?

Answer 12

AWS Control Tower

Question 13

Where should AWS SSO NOT be used?

A) For internal users signing in to a 3rd party application that supports SAML.

B) For handling AWS Console logins.

C) For external users authenticating to a mobile application.

D) For internal users authenticating to an internal application.

Answer 13

C) For external users authenticating to a mobile application.

Question 14

Which of the following is NOT a version of Directory Service?

A) Managed Microsoft AD

B) Simple AD

C) AD Connector

D) Microsoft AD Replicator

Answer 14

D) Microsoft AD Replicator

Question 15

Which tool allows you to easily document your architectural decisions and see how they measure against established AWS best practices?

Answer 15

AWS Well-Architected Tool

Question 16

What AWS service should be used to assist with managing Active Directory?

Answer 16

Directory Service

Question 17

How can you consolidate the AWS bill for your organization?

Answer 17

Enable consolidated billing.

Question 18

True or False? Config offers real-time evaluation of rule violations.

Answer 18

False

Question 19

You think that your EC2 instances are not accurately sized for your application workloads. Which AWS service can be used to generate recommendations on better sizing estimates?

Answer 19

AWS Compute Optimizer

Question 20

How can you stop a root user from terminating EC2 instances?

Answer 20

Apply a service control policy (SCP) to the account to deny this action.