Trusted Advisor

Question 1

Trusted advisor

What is Trusted Advisor?

Answer 1

Real-time guidance help follow AWS Best Practices

Question 2

Trusted advisor

What’s in the generated report?

Answer 2

ZIP file with CSV listing all filtered checks (and JSON summary)

Question 3

Trusted advisor

How do you install the Agent?

Answer 3

Don’t. No agent, it just pokes around your AWS account.

Question 4

Features and Support

Trusted Advisor w/ Basic support?

Answer 4

AWS console, only Service Limits catg + 7 basic, core checks

Question 5

Features and Support

Trusted Advisor w/ Developer support?

Answer 5

AWS console, only Service Limits catg + 7 basic, core checks

Question 6

Features and Support

Trusted Advisor w/ Business support?

Answer 6

All checks

Question 7

Features and Support

Trusted Advisor w/ Enterprise support?

Answer 7

All checks

Question 8

Features and Support

What’s special about Business or Enterprise support?

Answer 8

Get access to the support API; CloudWatch Events

Question 9

Features and Support

What can you do with the support API?

Answer 9

see and close suppport cases, react to Trusted Advisor recommendations

Question 10

Checks

What happens when a check triggers?

Answer 10

Use CloudWatch Events to trigger things

Question 11

Checks

Kinds of check results?

Answer 11

Red (action recommended), Yellow (investigation recommended)

Question 12

Checks

What is gray color all about?

Answer 12

You previously excluded some resources from the check, no recommendations

Question 13

Checks

What does AWS show when a check is red?

Answer 13

Recommended ways to fix/improve

Question 14

Checks

Why does a check show red, but the services looks ok?

Answer 14

Checks refreshed automatically only weekly

Question 15

Checks

How are Config-backed TA check refreshed?

Answer 15

Can’t refresh them

Question 16

Checks

How are Config-backed TA checks updated?

Answer 16

Config updates them based on Config triggers

Question 17

AWS Organizations

What happens when you filter on something?

Answer 17

Changes display only, doesn’t affect running checks

Question 18

AWS Organizations

Get TA to work in your Organizations?

Answer 18

Turn on from Mgmt acct, creates ServiceLinkedRoles everywhere

Question 19

AWS Organizations

Requirement for using TA with Orgs?

Answer 19

Uses the support plan in each member acct for avail checks

Question 20

TA and Other AWS Services

Relationship with AWS Config?

Answer 20

Config powers some of the TA checks

Question 21

TA and Other AWS Services

How can you exclude resources from Config-powered TA checks?

Answer 21

Can’t

Question 22

TA and Other AWS Services

How does TA and Secuirty Hub work together?

Answer 22

View security controls from SH in TA

Question 23

TA and Other AWS Services

How do you get Security Hub to send results to TA?

Answer 23

Happens automatically once you turn them on

Question 24

TA and Other AWS Services

How do Orgs, Secuirty Hub and TA interact?

Answer 24

Each member account has to turn on Security Hub to flow into TA

Question 25

TA and Other AWS Services

How do you exclude resources for Security Hub checks in TA?

Answer 25

Can’t. Exclude resources in Security Hub.

Question 26

TA and Other AWS Services

When does Security Hub send results to TA?

Answer 26

Depends on control – periodic or change-triggered like AWS Config

Question 27

TA and Other AWS Services

Refresh Security Hub checks in TA?

Answer 27

Can’t, have to refresh in Security Hub, just like AWS Config