Governance

Question 1

Service is a free governance tool that allows you to create and manage multiple AWS accounts

Answer 1

AWS Organizations

Question 2

Service allows you to control your accounts from a single location instead of having to jump from account to account

Answer 2

AWS Organizations

Question 3

Account within AWS Organizations is also called the payer account. Is the primary account that hosts and manages the organization

Answer 3

Management Account

Question 4

Can there be more than one Management account within AWS Organizations

Answer 4

No

Question 5

Accounts within AWS Organizations that belong to everyone in the organization such as test, dev accounts

Answer 5

Member Account

Question 6

Feature in AWS Organizations that rolls all bills up to the payer account. Simplifies that process by having a single payment method

Answer 6

Consolidated Billing

Question 7

Feature in AWS Organizations that allows for aggregate discounts

Answer 7

Usage Discounts

Question 8

Can you easily share reserved instances and savings plans across the organizations in AWS Organizations

Answer 8

Yes

Question 9

Service allows you to easily achieve a multi-account design while maintaining centralized management

Answer 9

AWS Organizations

Question 10

Logical grouping of multiple accounts to allow for easy management and separation within AWS Organizations

Answer 10

Organizational Unit (OU)

Question 11

Policies within AWS Organizations that get applied to OUs or accounts to restrict actions

Answer 11

Service Control Policies (SCP)

Question 12

Free service that allows you to share AWS resources with other accounts inside or outside your organization

Answer 12

Resource Access Manager (RAM)

Question 13

Free service that allows you to easily share resources rather than having to create duplicate copies in your different accounts

Answer 13

Resource Access Manager (RAM)

Question 14

Gives you the ability to set up temporary access you can easily control. Has temporary credentials that can be revoked as needed

Answer 14

Cross-account role access

Question 15

Service is an inventory management and control tool that shows the configuration history of your infrastructure over time. Monitoring and assessment tool. Track AWS architecture and check for best practice violations

Answer 15

AWS Config

Question 16

Service offers the ability to create rules to make sure resources conform to your requirements. Monitoring and assessment tool. Track AWS architecture and check for best practice violations

Answer 16

AWS Config

Question 17

Can Config receive alerts via SNS?

Answer 17

Yes

Question 18

Can AWS Config be configured cross-region?

Answer 18

No

Question 19

Does AWS Config have to be configured per region?

Answer 19

Yes

Question 20

Can the results of Config be aggregated across Regions and AWS Accounts?

Answer 20

Yes

Question 21

Service that is used to gain a view of your infrastructure’s overall compliance at an entire organizational level. Track AWS architecture and check for best practice violations

Answer 21

AWS Config

Question 22

Represent your ideal configuration settings in AWS Config. AWS-managed and custom. Evaluated by a schedule or trigger

Answer 22

Rules

Question 23

Is AWS Config free?

Answer 23

No

Question 24

Does AWS Config offer automatic remediation of non-compliant configurations?

Answer 24

Yes

Question 25

AWS Config feature used for automatic remediation. Can be aws-managed or custom

Answer 25

SSM Automation Documents

Question 26

Automation Documents that can leverage Lambda functions for custom logic

Answer 26

Custom

Question 27

Can you enable a retry if auto-remediation fails in AWS Config

Answer 27

Yes

Question 28

Can EventBridge send events from AWS Config to other AWS services like SQS and Lambda?

Answer 28

Yes

Question 29

Service is a fully managed version of Active Directory. Allows you to offload the painful parts of keeping AD online and run AD inside of AWS

Answer 29

AWS Directory Service

Question 30

Type of Directory Service that allows you to easily build out AD in AWS. Entire AD suit

Answer 30

Managed Microsoft AD

Question 31

Type of Directory Service that creates a tunnel between AWS and your on-premises AD

Answer 31

AD Connector

Question 32

Type of Directory Service that is a simple authentication service

Answer 32

Simple AD

Question 33

Service is an easy-to-use tool that allows you to visualize and analyze your cloud costs

Answer 33

Cost Explorer

Question 34

Can you generate custom reports based on resource tags in Cost Explorer

Answer 34

Yes

Question 35

Service that allows organizations to easily plan and set expectations around cloud costs

Answer 35

AWS Budgets

Question 36

Service that can create alerts to let users know when they’re close to exceeding their allotted spend

Answer 36

AWS Budgets

Question 37

Service is the most comprehensive set of cost and usage data available for AWS spending

Answer 37

AWS Cost and Usage Reports (CUR)

Question 38

Can AWS CUR publish billing reports to EC2?

Answer 38

No

Question 39

Can AWS CUR publish billing reports to S3?

Answer 39

Yes

Question 40

Do AWS CUR reports immediately update?

Answer 40

No, once a day

Question 41

Service easily integrates with Athena, Redshift, or Quicksight to develop cost and usage billing reports

Answer 41

AWS Cost and Usage Reports (CUR)

Question 42

Service used to monitor On-Demand capacity reservations

Answer 42

AWS Cost and Usage Reports (CUR)

Question 43

Service used to track Savings Plans utilizations, charges, and allocations

Answer 43

AWS Cost and Usage Reports (CUR)

Question 44

Service used to break down your AWS data transfer charges

Answer 44

AWS Cost and Usage Reports (CUR)

Question 45

Service that analyzes configurations and utilization metrics of your AWS resources

Answer 45

AWS Compute Optimizer

Question 46

Service that reports current usage optimizations and potential recommendations

Answer 46

AWS Compute Optimizer

Question 47

Service that provides a graphical history data and projected utilization metrics

Answer 47

AWS Compute Optimizer

Question 48

Service that works with EC2, ASGs, EBS, Lambda that analyzes configuration and utilization metics of your AWS resources

Answer 48

AWS Compute Optimizer

Question 49

Is AWS Compute Optimizer enabled by default

Answer 49

No

Question 50

Pricing model that offers flexible pricing for up to 72% savings on compute

Answer 50

Savings Plans

Question 51

Pricing model that offers lower prices for EC2 instances regardless of instance family, size, os, tenancy, or regions

Answer 51

Savings Plans

Question 52

Can the pricing model Savings Plans apply to Lambda or Fargate usage?

Answer 52

Yes

Question 53

Can the pricing model Savings Plans apply to Sagemaker for lowering instance pricing?

Answer 53

Yes

Question 54

Pricing model provides savings for long-term commitments in one-year or three-year pricing options. All upfront, Partial upfront, or No upfront.

Answer 54

Savings Plans

Question 55

Type of Saving Plans that applies to any EC2 compute, Lambda, or Fargate usage. Up to 66% savings on compute

Answer 55

Compute Savings

Question 56

Type of Savings Plans that applies only to EC2 instances of a specific instance family in specific regions. Offers 72% savings

Answer 56

EC2 Instance Savings

Question 57

Type of Savings Plans that apply to SageMaker instances regardless of instance family or sizing. Up to 64% savings

Answer 57

SageMaker savings

Question 58

Service is an easy way to set up and govern an AWS multi-account environment by automating account creation and security controls via other AWS services

Answer 58

AWS Control Tower

Question 59

Service extends AWS Organizations to prevent governance drift and leverages different guardrails

Answer 59

AWS Control Tower

Question 60

Service where users can provision new AWS accounts quickly using central admin-established compliance policies

Answer 60

AWS Control Tower

Question 61

Service is the quickest way to create and manage a secure, compliant, multi-account environment based on best practices

Answer 61

AWS Control Tower

Question 62

Feature of AWS Control tower that are high-level rules in plain language providing ongoing governance

Answer 62

Guardrails

Question 63

Type of rules in Guardrails that ensure account maintain governance by disallowing violating actions

Answer 63

Preventive

Question 64

Type of rules in Guardrails that detect and alert on non-compliant resources within all accounts from AWS Config

Answer 64

Detective

Question 65

Shared accounts within the AWS Control Tower

Answer 65

Management, log archive, audit account

Question 66

Service that simplifies managing software licenses with different vendors by centrally managing licenses across AWS accounts and on-premises environments

Answer 66

AWS License Manager

Question 67

Service that provides visibility of resource performance and availability of AWS services or accounts. Provides visibility into service and resource health

Answer 67

AWS Health

Question 68

Service that has near-instant delivery of notifications and alerts to speed up troubleshooting or prevention

Answer 68

AWS Health

Question 69

Automate certain actions based on incoming events using

Answer 69

Amazon Eventbridge

Question 70

Service is a fully managed best-practice auditing tool. It inspects your AWS environment and then makes recommendations when opportunities exist to save money.

Answer 70

AWS Trusted Advisor

Question 71

Does AWS Trusted Advisor make recommendations based on the entire account?

Answer 71

Yes

Question 72

One of the only ways to limit a root account

Answer 72

Service Control Policies (SCP)

Question 73

Service used to simplify access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications.

Answer 73

AWS Identity Center

Question 74

Service that allows organizations to create and centrally manage catalogs of approved IT services as CloudFormation templates

Answer 74

AWS Service Catalog

Question 75

Service that creates and manages infrastructure (IaC) and deployment tooling for users as well as serverless and container-based applications

Answer 75

AWS Proton

Question 76

Service is a tool for measuring current workload against established AWS best practices. Documents workload and architecture decisions

Answer 76

AWS Well-Architected Tool