WORKING TO ENSURE COMPLIANCE Flashcards

1
Q

What does AWS engage with external certifying bodies and auditors for?

A

To provide customers with information about AWS’s policies, processes, and controls.

2
Q

What is compliance, and what does it specify?

A

Compliance specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system.

3
Q

What is certification, and what does it require?

A

Certification requires the development and implementation of a rigorous security program.

4
Q

What is AWS Config, and how does it help?

A

AWS Config is a service to assess, audit, and evaluate the configuration of AWS resources, helping automate evaluation against set rules and maintain configuration history.

5
Q

How does AWS Config simplify compliance auditing?

A

It allows for automated evaluation against rules, review of configuration changes, and assessment of compliance against internal guidelines.

6
Q

What happens to non-compliant resources in AWS Config?

A

Non-compliant resources are flagged, alerting users to configuration issues that need addressing.

7
Q

Is AWS Config a regional service, and what does that mean for tracking resources?

A

Yes, AWS Config is a regional service, and to track resources across regions, it needs to be enabled in each region used.

8
Q

What does AWS Artifact provide?

A

AWS Artifact provides on-demand downloads of AWS security and compliance documents for auditing, evaluating cloud architecture, and assessing internal controls.

9
Q

Can AWS Artifact provide documents for customer applications’ security and compliance?

A

No, AWS Artifact only provides documents about AWS; customers are responsible for their applications’ security and compliance documents.

10
Q

What is a Business Associate Agreement (BAA), and when is it required?

A

A BAA is required for companies subject to HIPAA to ensure protected health information.
