Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?

Quiz: AWS Cloud Practitioner free practice question 5

Quiz Description: contains questions such as "Which service can be used to create the steps required to automate build, test and deployment for a web application?" (option: AWS CodePipeline).

Posted by Educato Academy on Monday, April 16, 2018


  • AWS Config is a fully managed service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security, compliance and governance.
  • It provides a detailed view of the configuration of AWS resources in the AWS account.
  • It gives point-in-time and historical states and allows users to see changes visually in a timeline.
  • AWS Config records only the latest configuration of a resource when several configuration changes are made to it in quick succession (i.e., within a span of a few minutes); this represents the cumulative impact of that entire set of changes.
  • AWS Config does not cover all AWS services; for unsupported services, the configuration management process can be automated using APIs and code and used to compare current and past data.
  • AWS Config is a regional service.
  • AWS Config provides customizable, predefined rules as well as the ability to define custom rules.
  • AWS Config can help with the following:
    • Evaluate your AWS resource configurations for desired settings.
    • Get a snapshot of the current configurations of the supported resources that are associated with your AWS account.
    • Retrieve configurations of one or more resources that exist in the account.
    • Retrieve historical configurations of one or more resources.
    • Receive a notification whenever a resource is created, modified, or deleted.
    • View relationships between resources. For example, you might want to find all resources that use a particular security group.

AWS Config Use Cases

  • Security Analysis & Resource Administration
    • enables continuous monitoring and governance over resource configurations and helps evaluate them for any misconfigurations leading to security gaps or weaknesses.
  • Auditing & Compliance
    • helps maintain a complete inventory of all resources and their configuration attributes, as well as a point-in-time history.
    • helps retrieve historical configurations, which can be very useful for audits and for ensuring compliance with internal policies and best practices.
  • Change Management
    • helps understand relationships between resources so that the impact of the change can be proactively assessed.
    • can be configured to notify whenever resources are created, modified, or deleted without having to monitor these changes by polling the calls made to each resource
  • Troubleshooting
    • helps to quickly identify and troubleshoot issues by using the historical configurations to compare the last working configuration with the recent change that is causing issues.
  • Discovery
    • helps discover resources that exist within an account leading to better inventory and asset management.
    • Get a snapshot of the current configurations of the supported resources that are associated with the AWS account
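The troubleshooting use case above, comparing the last working configuration with the change that broke it, can be sketched as a field-level diff over a resource's configuration history. This is an added example, not code from the original page or from AWS; the sample history is constructed and the security group field names inside `configuration` are assumptions about the item's shape.

```python
import json

# Constructed sample shaped like the configurationItems list returned by AWS
# Config's GetResourceConfigHistory (newest first); all values are made up.
def _item(time, cidr, description):
    return {"configurationItemCaptureTime": time, "configurationItemStatus": "OK",
            "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
            "configuration": json.dumps({
                "description": description,
                "ipPermissions": [{"fromPort": 22, "toPort": 22,
                                   "ipRanges": [cidr]}]})}

SAMPLE_HISTORY = [
    _item("2024-05-02T10:15:00Z", "0.0.0.0/0", "web tier (temp debug)"),
    _item("2024-05-01T08:00:00Z", "10.0.0.0/8", "web tier"),
    _item("2024-04-20T09:30:00Z", "10.0.0.0/8", "web"),
]

def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {"a.b[0].c": leaf} for field-level diffs."""
    if isinstance(value, dict):
        children = [(f"{prefix}.{k}" if prefix else k, v) for k, v in value.items()]
    elif isinstance(value, list):
        children = [(f"{prefix}[{i}]", v) for i, v in enumerate(value)]
    else:
        return {prefix: value}
    flat = {}
    for path, child in children:
        flat.update(flatten(child, path))
    return flat

def load_config(item):
    """The API returns 'configuration' as a JSON string; accept a dict too."""
    cfg = item.get("configuration") or {}
    return flatten(json.loads(cfg) if isinstance(cfg, str) else cfg)

def diff_history(items):
    """Return [(capture_time, path, old, new)] between consecutive items, oldest first."""
    ordered = sorted(items, key=lambda i: i["configurationItemCaptureTime"])
    changes = []
    for prev, cur in zip(ordered, ordered[1:]):
        before, after = load_config(prev), load_config(cur)
        for path in sorted(before.keys() | after.keys()):
            if before.get(path) != after.get(path):
                changes.append((cur["configurationItemCaptureTime"], path,
                                before.get(path), after.get(path)))
    return changes

if __name__ == "__main__":
    for when, path, old, new in diff_history(SAMPLE_HISTORY):
        print(f"{when}  {path}: {old!r} -> {new!r}")
```

Because AWS Config records only the cumulative result of changes made in quick succession, one entry in this diff may cover several underlying API calls; CloudTrail is where the individual calls appear.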

AWS Config Concepts

  • AWS Resources
    • AWS resources are the entities created and managed in AWS, e.g. EC2 instances and security groups.
  • AWS Config Rules
    • AWS Config Rules help define desired configuration settings for the resources or for the entire account
    • AWS Config continuously tracks the resource configuration changes against the rules and if violated marks the resource as non-compliant.
  • Resource Relationship
    • AWS Config discovers AWS resources in the account and then creates a map of relationships between them, e.g. an EBS volume linked to an EC2 instance.
  • Configuration Items
    • A configuration item represents a point-in-time view of the supported AWS resource
    • Components of a configuration item include metadata, attributes, relationships, current configuration, and related events.
  • Configuration Snapshot
    • A configuration snapshot is a collection of the configuration items for the supported resources that exist in your account
  • Configuration History
    • A configuration history is a collection of the configuration items for a given resource over any time period.
  • Configuration Stream
    • Configuration stream is an automatically updated list of all configuration items for the resources that AWS Config is recording.
  • Configuration Recorder
    • The configuration recorder stores the configurations of the supported resources in your account as configuration items.
    • A configuration recorder needs to be created and started for recording; by default, it records all supported services in the region.

AWS Config Flow

  • When AWS Config is turned on, it first discovers the supported AWS resources that exist in the account and generates a configuration item for each resource.
  • By default, AWS Config creates configuration items for every supported resource in the region, but it can be customized to record only a limited set of resource types.
  • AWS Config
    • generates configuration items when the configuration of a resource changes, and it maintains historical records of the configuration items of the resources from the time the configuration recorder is started.
    • keeps track of all changes to the resources by invoking the Describe or the List API call for each resource as well as related resources in the account.
    • also tracks the configuration changes that were not initiated by the API. It examines the resource configurations periodically and generates configuration items for the configurations that have changed.
  • Configuration items are delivered in a configuration stream to an S3 bucket.
  • AWS Config rules, if configured,
    • are evaluated continuously to check resource configurations against the desired settings.
    • Resources are evaluated either in response to configuration changes or periodically, depending on the rule.
    • When resources are evaluated, AWS Config invokes the rule’s AWS Lambda function, which contains the evaluation logic for the rule.
    • The function returns the compliance status of the evaluated resources.
    • If a resource violates the conditions of a rule, the resource and the rule are flagged as non-compliant and a notification is sent to the SNS topic.
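The rule evaluation flow above, as a Lambda function for a change-triggered custom rule. This is an added example, not code from the original page or from AWS. The rule itself (EBS volumes must be encrypted), the `requiredKmsKeyId` rule parameter, the `sample_event` helper and the `encrypted`/`kmsKeyId` field names inside `configuration` are assumptions made for illustration.

```python
import json

def evaluate(item, params):
    """Compliance of one configuration item: EBS volumes must be encrypted."""
    if item["resourceType"] != "AWS::EC2::Volume":
        return "NOT_APPLICABLE"
    if item["configurationItemStatus"] not in ("OK", "ResourceDiscovered"):
        return "NOT_APPLICABLE"          # e.g. ResourceDeleted: nothing to judge
    cfg = item.get("configuration") or {}
    if not cfg.get("encrypted"):          # field name assumed for this example
        return "NON_COMPLIANT"
    required = params.get("requiredKmsKeyId")   # hypothetical rule parameter
    if required and cfg.get("kmsKeyId") != required:
        return "NON_COMPLIANT"
    return "COMPLIANT"

def lambda_handler(event, context, config_client=None):
    """Entry point AWS Config invokes; config_client is injectable for tests."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance = ("NOT_APPLICABLE" if event.get("eventLeftScope")
                  else evaluate(item, params))
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is None:             # running inside Lambda
        import boto3
        config_client = boto3.client("config")
    # Report the result back to AWS Config, which flags the resource and rule.
    config_client.put_evaluations(Evaluations=[evaluation],
                                  ResultToken=event["resultToken"])
    return evaluation

def sample_event(encrypted, status="OK", kms_key=None, params=None):
    """Constructed invocation event for offline runs; all values are made up."""
    item = {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-EXAMPLE",
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2024-05-02T10:15:00Z",
            "configuration": {"encrypted": encrypted, "kmsKeyId": kms_key}}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps(params or {}),
            "resultToken": "TOKEN-PLACEHOLDER", "eventLeftScope": False}
```

Returning `NOT_APPLICABLE` for deleted or out-of-scope resources keeps stale non-compliant findings from lingering after a volume is removed.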

AWS Config vs CloudTrail

  • AWS Config reports on WHAT has changed, whereas CloudTrail reports on WHO made the change, WHEN, and from WHICH location.
  • AWS Config focuses on the configuration of the AWS resources and reports with detailed snapshots on HOW the resources have changed, whereas CloudTrail focuses on the events, or API calls, that drive those changes: the user, the application, and the activity performed on the system.

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. One of the challenges in managing AWS resources is to keep track of changes in the resource configuration over time. Which one of the following statements provides the best solution?
    1. Use strict syntax tagging on the resources
    2. Create a custom application to automate the configuration management process
    3. Use AWS Config for supported services and use an automated process via APIs for unsupported services
    4. Use resource groups and tagging along with CloudTrail so that you can audit changes using the logs
  2. Fill in the blanks: ____ helps us track AWS API calls and transitions, ____ helps to understand what resources we have now, and ____ allows auditing credentials and logins.
    1. AWS Config, CloudTrail, IAM Credential Reports
    2. CloudTrail, IAM Credential Reports, AWS Config
    3. CloudTrail, AWS Config, IAM Credential Reports
    4. AWS Config, IAM Credential Reports, CloudTrail

Introducing AWS Config

This new AWS service captures the initial state of your AWS resources (EC2 instances and related items to start, with others planned) and the relationships between them, and then tracks creations, deletions, and property changes for analysis, visualization, and archiving.

Which AWS service can be used for configuration management as code?

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

What actions does AWS Config take when a configuration change occurs on an Amazon Web Services resource?

AWS Config also generates configuration items when the configuration of a resource changes, and it maintains historical records of the configuration items of your resources from the time you start the configuration recorder. By default, AWS Config creates configuration items for every supported resource in the region.

Which AWS support service gives a report on configuration compliance with best practices?

AWS Config is a service that maintains a configuration history of your AWS resources and evaluates the configuration against best practices and your internal policies. You can use this information for operational troubleshooting, audit, and compliance use cases.