Cloud Security

Question 1

What are the AWS Assurance/Compliance 3 Major Categories?

Answer 1

Certifications/Attestations

Laws, Regulations, and Privacy

Alignments/Frameworks

Question 2

What are the major AWS Compliance Certifications to be aware of?

Answer 2

ISO 27001

PCI DSS Level 1

SOC 1

SOC 2

SOC 3

Question 3

A _____ _____ is a check to see if your AWS infrastructure meets a given compliance standard. (I;E - even though AWS itself might, your infrastructure or application may not)

Answer 3

Gap Audit

Question 4

What are the Important Compliance Laws, Regulations and Privacies (AWS adheres to these)?

Answer 4

HIPAA - Standard required to store health information

Question 5

What are the most importan Compliance Alignments and Frameworks (AWS adheres to these)?

Answer 5

G-Cloud UK - Required for hosting government customers

Question 6

What does “AWS Manages security of the cloud, security in the cloud is the responsibility of the customer.” mean?

Answer 6

Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would in an on-site datacenter.

Question 7

What does the AWS Shared Responsibility Model Look Like (Graphic)?

Answer 7

Question 8

When the Shared Responsibility Topic Comes up, what is the easy way to remember who is responsible for what?

Answer 8

Think about the things you would actually be able to control yourself

Question 9

What is WAF?

Answer 9

Web Application Firewall

Protects from common web exploits that could

affect availability

compromise security

consume excessive resources

Question 10

What is the difference between using Elastic Load Balancers with security groups as security vs using a WAF?

Answer 10

ELB/Security Groups secure protocols and ports (Layer 4)

WAF - Can actually read the data being sent (Layer 7)

Question 11

What is AWS Shield?

Answer 11

Managed DDoS protection

safeguards web apps

always-on detection

enacts inline mitigations

Question 12

What are the two tiers of AWS Shield?

Answer 12

Standard - free and comes by default

Advanced $3K/month

Question 13

What is AWS Inspector?

Answer 13

Automated Security Assessment

Audits for vulnerabilities or deviation from best practices

Produces a lined report ordered by criticality

Installed on your EC2 instances

Question 14

What is AWS Trusted Advisor?

Answer 14

Optimization guidance for your environment for

cost optimization

performance

security

fault tolerance

Question 15

What are the two levels of AWS Trusted Advisor?

Answer 15

Core Checks and Recommendations (free)

Full Trusted Advisor - Business and Enterprise only

Question 16

What do roles do?

Answer 16

Allows you to delegate access to users, applications, and services so they can connect to other AWS resources.

E;G Create a role -> add a policy -> apply role to EC2 instance -> anything connected to the instance has access to the services identified in the role policy

Question 17

When are you allowed to apply roles to an EC2 instance?

Answer 17

Any time and it will take effect immediately