SECURING DATA ON AWS Flashcards
What is the AWS root account, and why should it not be used for day-to-day interactions?
The AWS root account is the initial identity with complete access. To avoid security risks, it should not be used for day-to-day interactions; instead, use IAM for user creation and permissions.
What is MFA, and why is it recommended for the AWS root account?
Multi-Factor Authentication (MFA) adds an extra layer of security by requiring additional verification besides the password, crucial for protecting the root account.
How can you create a new administrator account and disable root account access keys?
Create a new IAM user with admin access, then disable and remove the root account access keys, ensuring secure access management.
What is AWS CloudTrail, and how does it enhance security?
AWS CloudTrail logs API requests, aiding in operational auditing, security investigations, and compliance documentation, providing insights into API interactions.
What are AWS billing reports, and why are they important for security?
AWS billing reports, like the Cost and Usage Report, provide insights into resource usage and costs, aiding in monitoring and ensuring financial security.
What is AWS Organizations, and how does it help in managing multiple AWS accounts?
AWS Organizations consolidates multiple AWS accounts, enabling centralized management, grouping accounts into organizational units (OUs), and applying Service Control Policies (SCPs) for access control.
What are Service Control Policies (SCPs) in AWS Organizations?
SCPs are policies applied to OUs in AWS Organizations, defining maximum permissions and access control rules across multiple accounts within the organization.
How does AWS KMS help in data encryption?
AWS Key Management Service (KMS) enables creating and managing encryption keys, controlling encryption across various AWS services and applications, enhancing data security.
What is AWS Certificate Manager used for, and how does it enhance security?
AWS Certificate Manager provisions SSL/TLS certificates for securing network communications, establishing website identities, and ensuring encrypted data transmission, enhancing overall security.
How does AWS Shield protect against DDoS attacks, and what are its features?
AWS Shield is a managed DDoS protection service safeguarding applications on AWS by providing automatic mitigation, minimizing downtime, and offering protection against various types of DDoS attacks.
What are the differences between HTTP and HTTPS, and why is HTTPS recommended for security?
HTTPS encrypts data in transit using TLS/SSL, protecting against eavesdropping and man-in-the-middle attacks, unlike HTTP, which sends data in plain text.
How can you control access to Amazon S3 buckets, and what security features are recommended?
Use IAM policies, bucket policies, and AWS tools like Amazon S3 Block Public Access to control access to S3 buckets, ensuring secure data storage and access management.
How can Access Control Lists (ACLs) be used to protect Amazon S3 buckets, and what precautions should be taken?
ACLs can be used to set access permissions on S3 buckets. However, they are less commonly used than IAM policies and bucket policies. When using ACLs, it’s important not to set overly open or permissive access levels to maintain security.