Governance Flashcards

1
Q

What Is AWS Organizations?

A

AWS Organizations is a free governance tool that allows you to create and manage multiple AWS accounts. With it, you can control your
accounts from a single location rather than jumping from account to account.

2
Q

Key Features of AWS Organizations

A
  • Logging account: Best practice is a dedicated account for logs. An organization trail in CloudTrail delivers every member account's API activity into that one account.
  • Programmatic creation: Create (and close) member accounts through the Organizations API.
  • Reserved Instances: RI discounts can be shared across all accounts in the organization.
  • Consolidated billing: The management account receives a single bill covering every member account.
  • Service control policies: SCPs cap the permissions available to principals in member accounts; they restrict, never grant.
3
Q

What is SCP?

A

Service control policies: Once an SCP is attached to the root, an OU or an account, it applies to every IAM user and role in the affected member accounts, including each member account's root user. They are the ultimate way to restrict permissions, but they only restrict: an SCP never grants a permission on its own, and it does not apply to the management account.

4
Q

What Is AWS RAM?

A

AWS Resource Access Manager (RAM) is a free service that allows you to share AWS resources with other accounts and within your organization. AWS RAM allows you to easily share resources rather than having to
create duplicate copies in your different accounts.

5
Q

RAM vs. VPC Peering

A

When should you use VPC peering or RAM?
Sharing resources (for example, subnets of one VPC) with other accounts in the same Region? Use RAM.
Connecting VPCs across Regions? Use VPC peering.
If RAM doesn't support the resource you need to share and VPC peering fits, peering is still a good option.

6
Q

What is Cross-Account
Role Access?

A

As the number of AWS accounts you manage
increases, you'll need to set up cross-account
access. Creating a duplicate IAM user in every
account multiplies long-lived credentials and
widens the attack surface. Cross-account role
access instead gives you temporary credentials
(via sts:AssumeRole) that you can scope and
revoke from one place.

Create cross-account roles rather than additional
IAM users.
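An added example, not part of the original flashcards: the trust policy that a cross-account role in the target account needs, built by a small helper, plus a lint that catches the two mistakes that turn "temporary, controlled access" into an open door (a wildcard principal, and no ExternalId). The account ID, external ID and the `OPEN_TRUST_POLICY` sample are constructed for the example.

```python
"""Added example (not part of the original flashcards): build the trust policy for a
cross-account role and lint it for the mistakes that weaken it.
Account IDs and the external ID below are made up."""
import re

# Constructed sample values; substitute your own.
TRUSTED_ACCOUNT = "111111111111"          # account whose principals may assume the role
EXTERNAL_ID = "example-external-id-0001"  # value agreed with the trusted account

# A principal should be a bare account ID, an account root, or a specific role/user ARN.
ACCOUNT_RE = re.compile(r"^(\d{12}|arn:aws:iam::\d{12}:(root|role/.+|user/.+))$")


def build_trust_policy(trusted_account: str, external_id: str, require_mfa: bool = True) -> dict:
    """Trust policy for a role that lives in the target account.

    Only principals in `trusted_account` may call sts:AssumeRole, and only when they
    present the agreed ExternalId (confused-deputy protection). `require_mfa` adds the
    aws:MultiFactorAuthPresent condition, appropriate when humans assume the role.
    """
    condition = {"StringEquals": {"sts:ExternalId": external_id}}
    if require_mfa:
        condition["Bool"] = {"aws:MultiFactorAuthPresent": "true"}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowAssumeRoleFromTrustedAccount",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": condition,
        }],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def audit_trust_policy(policy: dict) -> list:
    """Return human-readable findings for common trust-policy weaknesses."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in aws_principals:
            if p == "*":
                findings.append("wildcard principal: any AWS account could assume this role")
            elif not ACCOUNT_RE.match(p):
                findings.append(f"unrecognised principal {p!r}: expect an account ID, account root or a specific IAM role/user ARN")
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition: confused-deputy risk when a third party assumes the role")
    return findings


# A constructed 'bad' policy for contrast: open to the world, no ExternalId.
OPEN_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    import json
    good = build_trust_policy(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(good, indent=2))
    print("good policy findings:", audit_trust_policy(good))
    print("open policy findings:", audit_trust_policy(OPEN_TRUST_POLICY))
```

A principal in the trusted account then obtains short-lived credentials with `aws sts assume-role --role-arn arn:aws:iam::<target-account>:role/<role-name> --role-session-name <session> --external-id <external-id>`; nothing long-lived is ever created in the target account, which is the point of preferring roles over duplicated IAM users.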

7
Q

What Is Config?

A

Config is an inventory management and control tool. It records the
configuration history of your infrastructure and lets you write rules that
check it against the standards you've laid out.

Config = Standards

For example, you'd use Config to ensure your S3 buckets aren't publicly
readable or that your EC2 instances are launched from an approved AMI.

You can use Systems Manager Automation documents or Lambda to remediate
non-compliant resources automatically.

Config retains the configuration history of resources that have since been deleted.

A Config aggregator can roll up results from multiple accounts and Regions into a single view.
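An added example, not part of the original flashcards: the evaluation logic of a custom Config rule, packaged as the Lambda handler Config invokes. It checks the two standards the card mentions, S3 Block Public Access fully on and EC2 instances launched from an approved AMI, and treats deleted resources as not applicable. The configuration items, AMI IDs and the `approvedAmis` rule parameter are constructed for the example; the camelCase field names are assumed to follow what AWS Config records for these resource types.

```python
"""Added example (not part of the original flashcards): a custom AWS Config rule's
evaluation logic as a Lambda handler. Sample configuration items are constructed."""
import json

try:
    import boto3  # present in the Lambda runtime; optional here so the logic runs offline
except ImportError:
    boto3 = None

# Fallback list; in a real rule the approved AMIs arrive via ruleParameters (see build_evaluation).
DEFAULT_APPROVED_AMIS = frozenset({"ami-0123456789abcdef0"})  # made-up AMI ID
PAB_FLAGS = ("blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets")


def evaluate_s3_bucket(item: dict) -> tuple:
    """COMPLIANT only when all four Block Public Access settings are enabled."""
    pab = (item.get("supplementaryConfiguration") or {}).get("PublicAccessBlockConfiguration") or {}
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        return "NON_COMPLIANT", "Block Public Access not fully enabled: " + ", ".join(off)
    return "COMPLIANT", "All Block Public Access settings enabled"


def evaluate_ec2_instance(item: dict, approved_amis) -> tuple:
    """COMPLIANT when the instance's AMI is on the approved list."""
    ami = (item.get("configuration") or {}).get("imageId")
    if ami in approved_amis:
        return "COMPLIANT", f"{ami} is an approved AMI"
    return "NON_COMPLIANT", f"{ami} is not on the approved AMI list"


def evaluate_compliance(item: dict, approved_amis=DEFAULT_APPROVED_AMIS) -> tuple:
    """Dispatch on resource type; deleted resources and other types are NOT_APPLICABLE."""
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource was deleted"
    rtype = item.get("resourceType")
    if rtype == "AWS::S3::Bucket":
        return evaluate_s3_bucket(item)
    if rtype == "AWS::EC2::Instance":
        return evaluate_ec2_instance(item, approved_amis)
    return "NOT_APPLICABLE", f"rule does not evaluate {rtype}"


def build_evaluation(event: dict) -> dict:
    """Translate the Config invocation event into one PutEvaluations entry."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # 'approvedAmis' as a comma-separated list is a convention chosen for this example.
    if "approvedAmis" in params:
        approved = frozenset(a.strip() for a in params["approvedAmis"].split(","))
    else:
        approved = DEFAULT_APPROVED_AMIS
    compliance, annotation = evaluate_compliance(item, approved)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # PutEvaluations caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    evaluation = build_evaluation(event)
    if boto3 is not None:  # report back to Config; skipped when running locally without boto3
        boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample configuration items and a matching invocation event.
SAMPLE_BUCKET = {
    "resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
    "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "supplementaryConfiguration": {"PublicAccessBlockConfiguration": {
        "blockPublicAcls": True, "ignorePublicAcls": True,
        "blockPublicPolicy": False, "restrictPublicBuckets": False}},
}
SAMPLE_INSTANCE = {
    "resourceType": "AWS::EC2::Instance", "resourceId": "i-0example0000000001",
    "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"imageId": "ami-0fedcba9876543210"},
}
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": SAMPLE_INSTANCE,
                                 "messageType": "ConfigurationItemChangeNotification"}),
    "ruleParameters": json.dumps({"approvedAmis": "ami-0fedcba9876543210,ami-0123456789abcdef0"}),
    "resultToken": "example-token",
}

if __name__ == "__main__":
    print(evaluate_compliance(SAMPLE_BUCKET))
    print(build_evaluation(SAMPLE_EVENT))
```

Remediation stays out of the rule itself: the NON_COMPLIANT result is what a Config remediation action (an Automation document) or an EventBridge-triggered Lambda reacts to, which keeps the evaluator read-only and easy to reason about.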

8
Q

What Is Directory
Service?

A

AWS Directory Service is a fully managed Active Directory offering. It lets you offload the painful parts of keeping AD online to AWS while still giving you the control and flexibility AD provides.

It runs inside a VPC (private service).

9
Q

What are the 3 types of Directory Service?

A
  • Simple AD: Standalone directory powered by a Samba 4 Active Directory-compatible server on Linux.
  • AWS Managed Microsoft AD: The full Microsoft Active Directory suite, built out for you in AWS.
  • AD Connector: A proxy that forwards directory requests to your on-premises AD instead of storing anything in AWS. For example, a service in AWS (e.g., Amazon WorkSpaces) can authenticate against the AD you already run on-premises.
10
Q

What Is Cost
Explorer?

A

AWS Cost Explorer is an easy-to-use tool that allows you to visualize your cloud costs. You can generate reports based on a variety of
factors, including resource tags.

Cost Explorer lets you build reports

Tags are one of the most important ways to track your
spend

Cost Explorer can forecast your spend for the upcoming month.

11
Q

What Is AWS
Budgets?

A

AWS Budgets allow organizations to easily plan and set expectations around cloud costs. You can easily track your ongoing spend and
create alerts to let users know when they’re close to exceeding their allotted spend.

12
Q

What are the 4 different types
of budgets?

A
  • Savings Plans budgets: "Is what we're doing covered
    by our Savings Plans?"
  • Reservation budgets: "Are we being efficient with our RIs?"
  • Usage budgets: "How much are we using?"
  • Cost budgets: "How much are we spending?"

The first two budgets are free.

13
Q

What is AWS CUR?

A

AWS Cost and Usage Reports (CUR):

  • Comprehensive: The most comprehensive set of cost and usage data
    available for AWS spending.
  • Publish: Publish billing reports to Amazon S3 for centralized collection.
  • Breakdown: Break costs down by time span (hour, day, and
    month), by service and resource, or by tags.
  • Daily updates: AWS CUR refreshes the reports in your S3 bucket at least once a day, in CSV (or Parquet) format.
  • Integrations: Easily integrate with Amazon Athena, Amazon Redshift, or Amazon QuickSight.

Use within Organizations at organization level, OU level, or member account level.

14
Q

What Is AWS Compute Optimizer?

A
  • Optimizes: Analyzes configurations and utilization metrics of your AWS resources
  • Reporting: Reports current usage optimizations and potential recommendations
  • Graphs: Provides graphical history data and projected utilization metrics
  • Informed Decisions: Use graphs, metric data, and recommendations for moving or resizing resources
15
Q

Which resources does AWS Compute Optimizer work with?

A

Amazon EC2
Auto Scaling Groups
Amazon EBS
AWS Lambda

Disabled by default; you must opt in to use AWS Compute Optimizer.
After opting in, you can enhance recommendations by activating recommendation preferences (e.g., enhanced infrastructure metrics, a paid feature).

16
Q

What Are the Three Different Savings Plans Types?

A

Compute Savings
- Most flexible savings plan
- Applies to any EC2 compute, Lambda, or Fargate usage
- Up to 66% savings on compute

EC2 Instance Savings
- Stricter savings plan
- Applies only to EC2 instances of a specific instance family in specific Regions
- Up to 72% savings

SageMaker Savings
- Apply to SageMaker instances regardless of instance family or sizing
- Any Region and any component
- Up to 64% savings

17
Q

What Is
Trusted Advisor?

A

AWS Trusted Advisor is a fully managed best-practice auditing tool. It will scan 5 different parts of your account and look for places where you could improve your adoption of the recommended best practices provided
by AWS.

18
Q

What are the 5 Questions Trusted Advisor Asks?

A
  • Cost Optimization: Are you spending money on resources that aren’t needed?
  • Performance: Are your services configured properly?
  • Security: Is your AWS architecture full of vulnerabilities?
  • Fault Tolerance: Are you protected when something fails?
  • Service Limits: Do you have room to scale?

Trusted Advisor will not fix the problems for you; use SNS to notify people of findings.

To get the full set of checks, you'll need a Business or Enterprise Support plan.

Use EventBridge (formerly CloudWatch Events) to trigger a Lambda function that remediates the finding for you.

19
Q

What Is AWS Control Tower?

A
  • Governance: Easy way to set up and govern an AWS multi-account environment
  • Orchestration: Automates account creation and security controls via other AWS services
  • Extension: Extends AWS Organizations to prevent governance drift, and leverages different guardrails
  • New AWS Accounts: Users can provision new AWS
    accounts quickly, using central admin-established compliance
    policies
  • Simple Terms: Quickest way to create and manage a secure, compliant, multi-account environment based on best practices
20
Q

What Are Guardrails?

A

High-level rules in plain language providing ongoing governance

Two different types: preventive and detective

PREVENTIVE
- Ensures accounts maintain governance by disallowing violating actions
- Leverages service control policies
- Statuses of enforced or not enabled
- Supported in all Regions

DETECTIVE
- Detects and alerts on non-compliant resources within all accounts
- Leverages AWS Config rules
- Statuses of clear, in violation, or not enabled
- Only apply to certain Regions

21
Q

What is AWS License Manager?

A
  • Simplifies managing software licenses with different vendors (Microsoft, SAP, and Oracle)
  • Helps centrally manage licenses across AWS accounts and on-premises environments
  • Control and visibility into usage of licenses and enabling license usage limits
  • Reduces overages and penalties via inventory tracking and rule-based
    controls for consumption
  • Supports any software based on vCPU, physical cores, sockets, and number of machines
22
Q

8 AWS Health Concepts

A
  1. AWS Health event: Notifications sent on behalf of AWS services or AWS
  2. Account-specific event: Events specific to your AWS account or AWS organization
  3. Public event: Events reported on services that are public, not specific to accounts
  4. AWS Health Dashboard: Dashboard showing account and public events, shows service health as well
  5. Event type code: Identifies the affected service and the specific type of event
  6. Event type category: Associated category — will be attached to every event
  7. Event status: Reports if the event is open, closed, or upcoming
  8. Affected entities: Which AWS resources are or may be affected by the event
23
Q

What is AWS Service Catalog?

A
  • Allows organizations to create and manage catalogs of approved IT services.
  • List things like AMIs, servers, software, databases, and other preconfigured components.
  • Catalog templates are written and listed using CloudFormation templates.
24
Q

What is AWS Proton?

A

AWS Proton is a service that creates and manages infrastructure and deployment tooling for users as well as serverless and container-based applications.

  1. Automate Infrastructure as Code (IaC) provisioning and deployments.
  2. Define standardized infrastructure for your serverless and container-based apps.
  3. Use templates to define and manage app stacks that contain ALL components.
  4. AWS Proton automatically provisions resources, configures CI/CD, and deploys the code.
  5. Supports AWS CloudFormation and Terraform IaC providers.
25
Q

What are The Six Pillars of the AWS Well-Architected Framework?

A
  • Operational Excellence
  • Reliability
  • Security
  • Performance Efficiency
  • Cost Optimization
  • Sustainability
26
Q

What is the AWS Well-Architected Tool?

A

Tool for measuring current workload against established AWS best practices

27
Q

Is the management account affected by SCP(Service Control Policies)?

A

No. SCPs never restrict the management account (including its root user); they apply only to member accounts.

28
Q

Can SCPs grant permissions?

A

No. SCPs act as permission guardrails that restrict or deny actions for member accounts within an organization; a permission must still be granted by an IAM identity or resource policy before a principal can use it.
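An added example, not part of the original flashcards, covering cards 3, 27 and 28 together: a small model of how an SCP combines with an identity policy. It shows the three rules the cards state, that an SCP filters but never grants, that the management account is untouched, and that a member account's root user is still bound. The account IDs, the guardrail SCP, the developer policy and the actions are constructed; the evaluation is a deliberate simplification of AWS's documented logic (Resource elements and Conditions are ignored, action names are wildcard-matched).

```python
"""Added example (not part of the original flashcards): a simplified model of SCP +
identity-policy evaluation. IDs, policies and actions are constructed."""
from fnmatch import fnmatchcase

MANAGEMENT_ACCOUNT = "111111111111"  # made-up
MEMBER_ACCOUNT = "222222222222"      # made-up

# Example SCP: keep the default FullAWSAccess allow, but deny leaving the organization
# and tampering with CloudTrail.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["organizations:LeaveOrganization", "cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
         "Resource": "*"},
    ],
}

# Example identity policy attached to a developer user in the member account.
DEVELOPER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "cloudtrail:*"], "Resource": "*"}],
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def _decision(policy: dict, action: str):
    """'deny' if any statement explicitly denies the action, 'allow' if one allows it,
    None if nothing matches. Actions are matched case-insensitively with wildcards."""
    result = None
    for stmt in policy.get("Statement", []):
        if any(fnmatchcase(action.lower(), pat.lower()) for pat in _as_list(stmt.get("Action"))):
            if stmt.get("Effect") == "Deny":
                return "deny"  # an explicit deny always wins
            result = "allow"
    return result


def is_allowed(action: str, account: str, identity_policy: dict, scps: list, root_user: bool = False) -> bool:
    """Is `action` permitted for a principal in `account`?

    scps: every SCP attached along the account's path (root, OUs, account). Each must
    allow the action, and a deny in any one of them is final. The SCP envelope is checked
    first; only inside it does the identity policy matter, so an SCP can never add access.
    """
    if account != MANAGEMENT_ACCOUNT:  # the management account is never restricted by SCPs
        for scp in scps:
            if _decision(scp, action) != "allow":  # explicit deny, or no allow at all
                return False
    if root_user:  # a member account's root user has every permission the SCP envelope leaves open
        return True
    return _decision(identity_policy, action) == "allow"


if __name__ == "__main__":
    cases = [
        ("s3:GetObject", MEMBER_ACCOUNT, DEVELOPER_POLICY, False),              # IAM allows, SCP allows
        ("cloudtrail:StopLogging", MEMBER_ACCOUNT, DEVELOPER_POLICY, False),    # IAM allows, SCP denies
        ("ec2:RunInstances", MEMBER_ACCOUNT, DEVELOPER_POLICY, False),          # SCP allows, IAM silent
        ("cloudtrail:StopLogging", MEMBER_ACCOUNT, {}, True),                   # root user, SCP denies
        ("cloudtrail:StopLogging", MANAGEMENT_ACCOUNT, DEVELOPER_POLICY, False),  # management account
    ]
    for action, account, policy, root in cases:
        verdict = is_allowed(action, account, policy, [GUARDRAIL_SCP], root)
        print(f"{action:28} account={account} root={root}: {verdict}")
```

The two cases to dwell on are `ec2:RunInstances` (the SCP says Allow * yet the developer still cannot launch instances, because nothing in IAM grants it) and `cloudtrail:StopLogging` in the management account (allowed, because SCPs are not evaluated there at all, which is why the management account should hold no workloads and as few human principals as possible).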