Question Review 3 Flashcards
data encryption
Under the AWS Shared Responsibility Model, customers are responsible for managing their data, including _________
AWS Config
With _________, you can do the following: 1. Evaluate your AWS resource configurations for desired settings. 2. Get a snapshot of the current configurations of the supported resources that are associated with your AWS account. 3. Retrieve configurations of one or more resources that exist in your account. 4. Retrieve historical configurations of one or more resources. 5. Receive a notification whenever a resource is created, modified, or deleted. 6.View relationships between resources. For example, you might want to find all resources that use a particular security group.
AWS Web Application Firewall (AWS WAF)
An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website’s search box and type in code that would force the site’s SQL server to dump all of its stored usernames and passwords for the site.
Similar to an SQL injection attack, a cross-site scripting attack also involves injecting malicious code into a website, but in this case, the website itself is not being attacked. Instead, the malicious code the attacker has injected only runs in the user’s browser when they visit the attacked website, and it goes after the visitor directly, not the website.
Which of the following AWS services can be used to address this use-case?
____________ helps ensure that your cloud services are delivered at a level that meets the needs of your business. Performance and capacity management under the Operations perspective is part of the AWS Cloud Adoption Framework (AWS CAF)
Operations perspective
_____________ is a foundational capability under the Platform perspective for the AWS Cloud Adoption Framework (AWS CAF).
Platform engineering
_____________ is a foundational capability under the Governance perspective for the AWS Cloud Adoption Framework (AWS CAF).
Application Portfolio Management
_____________ allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures.
AWS Service Catalog
An_____________ is an instance that you use on-demand. You have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it. There is no long-term commitment required when you purchase On-Demand Instances. There is no upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted.
On-Demand Instance
____________ service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.
AWS Storage Gateway provides what 3 types of gateways?
AWS Identity and Access Management (AWS IAM), Amazon CloudFront, Amazon Route 53 and AWS Web Application Firewall (AWS WAF) are some of the global services.
Which AWS services are global in scope?
AWS Management Console, AWS Command Line Interface (AWS CLI), AWS Software Development Kit (SDK)
What are the different ways to access and manage all AWS services
AWS Auto Scaling
____________ is helpful during a DDoS attack, as it can scale out resources fast. But, it cannot automatically deploy AWS Shield service onto its group of resources.
____________ can be used to store, manage, and deploy Docker container images. Amazon Elastic Container Registry (Amazon ECR) eliminates the need to operate your container repositories. You can then pull your docker images from Amazon Elastic Container Registry (Amazon ECR) and run those on Amazon Elastic Container Service (Amazon ECS).
Amazon Elastic Container Registry (Amazon ECR)
compute, storage, and outbound data transfer
There are three fundamental drivers of cost with AWS: _____________. In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region. Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate.
______________ enables you to manage access to AWS services and resources securely. Using _________, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. _______ enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make ______ an important service for the overall security of AWS resources in your account. _______ is secure by default; users have no access to AWS resources until permissions are explicitly granted.
AWS Identity and Access Management (IAM)
