AWS Trusted Advisor is a tool that performs checks on five different categories:
Cost optimization
Performance
Security
Fault tolerance
Service limits
For security and compliance, you should focus on the Security checks. When you go to the Trusted Advisor, you can click the Refresh All Checks button to see whether the Trusted Advisor has any suggestions. For example, Figure 9.9 shows a recommendation to enable MFA for the root account.
FIGURE 9.9 Trusted Advisor
The number of checks that Trusted Advisor makes is based on your support plan.
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.
1. You need to provide permissions to a user account. According to AWS, which type of policy would be considered the best to use?
A. AWS-managed policies
B. Customer-managed policies
C. Inline policies
D. Scoped policies
2. Which of the following is not an MFA category?
A. Something that the user has
B. Something that the user knows
C. Something that the user does
D. Something that the user is
1. Answer: A is correct. AWS-managed policies have been vetted and reviewed by multiple individuals. Customer-managed policies are created by you and are more likely to contain errors or allow for unauthorized access. Inline policies apply to a single account and are difficult to see and manage. There is no such thing as scoped policies.
2. Answer: C is correct. Something that the user does is not an MFA category. The rest of the answers are valid categories.
If you want more practice on this chapter’s exam objectives before you move on, remember that you can access all of the Cram Quiz questions on the Pearson Test Prep software online. You can also create a custom exam by objective with the Online Practice Test. Note any objective you struggle with and go to that objective’s material in this chapter.
Acedexam Training Policies
Learning resources
Other resources
Our Training Providers
