Security

Question 1

Explain the shared responsibility model?

Answer 1

Customers are responsible for security IN the cloud, aws responsible for security of the cloud

Question 2

What is a root user?

Answer 2

A root user is the owner, gives permission to other users

Question 3

What is the default for an IAM user?

Answer 3

No permissions

Question 4

Do you need to grant permissions to an IAM user?

Answer 4

Yes

Question 5

What are policies?

Answer 5

Documents that allow and deny permissions

Question 6

What are a collection of IAM users known as?

Answer 6

A collection of IAM users are known as an IAM group

Question 7

When should an IAM user be assigned an IAM role?

Answer 7

An IAM user be assigned an IAM role when they need TEMPORARY permissions

Question 8

What is the name given to a combination of multiple AWS groups?

Answer 8

An organization is a combination of multiple AWS groups

Question 9

In an Organization, who is the root user?

Answer 9

In an organization the root user is automatically generated as the parent container of the AWS groups

Question 10

What is the name given to groups of accounts that are created to make it easier to manage permissions?

Answer 10

Organizational units

Question 11

What is Artifact?

Answer 11

Artifact lets you:
1. Access compliance reports
2. Select online agreements

Question 12

What is the Customer Compliance Centre?

Answer 12

the Customer Compliance Centre is where you learn about compliance
ie., overview of risk, auditing security checklist

Question 13

Customers are responsible for security IN the cloud. Give some examples:

Answer 13

• Customer data
• Platforms, apps, identity and access management
• Operating systems, network and firewall config
• client-side data encryption
• server side encryption
• network traffic protection

ie., selecting, configuring and patching operating systems that will run on EC2 instances, configuring security groups and managing user accounts

Question 14

AWS are responsible for security “OF” the cloud. Give some examples:

Answer 14

• Software
• Compute, Storage, Database, Networking
• Hardware / AWS global infrastructure
• Regions, availability zones, edge locations

ie.,
physical security of data centers
hardware and software infrastructure
network infrastructure
virtualization infrastructure

Question 15

What real life example could you compare the shared responsibility model to?

Answer 15

AWS - responsible for constructing the house
Customer - responsible for ensuing the house is secure by locking the doors

Question 16

What do you use to manage access to AWS services and resources securely?

Answer 16

Identity and Access Management

Question 17

What is Organizations used for?

Answer 17

Organizations is used to consolidate and manage multiple AWS accounts within a central location

Question 18

What are Service Control Policies (SCPs)

Answer 18

Service control policies allow you to centrally control permissions for the accounts in your organization

Question 19

What are organizational units (OU)?

Answer 19

You can group accounts into organizational units to make it easier to manage accounts with similar business and security requirements

ie., companies that can only access services that meet regulatory requirements could be one OU

Question 20

What is used to protect against Denial-of-service attacks?

Answer 20

Shield

Question 21

What does Key Management Service (KMS) do?

Answer 21

allows you to create, manage and use cryptographic keys

Question 22

What does WAF do?

Answer 22

WAF lets you monitor network requests that come into your web apps by using a web access control list (ACL) which will not allow access to block IP addresses

Question 23

What does Inspector do?

Answer 23

Inspector performs automated security assessments