AWS WAF & Shield Flashcards

1
Q

What service can I have the WAF with?

A
  • ELB
  • CloudFront
  • API GW
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Where does the WAF sit in relation to traffic?

A

It sits in front of the service (CloudFront, ELB, API GW)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

I have an EC2 instance with a public IP, I wnat to use the WAF, what would be a good option to get this to work?

A

You need to use a service in front of the EC2 as WAF dose not work with EC2 service. Yopu could use the ELB or CloudFront in fronof the EC2 and then use the WAF.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a WAF ACL condition?

A

Enable you to match incoming traffic, the condition could be XSS (cross-site scripting)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

I am using an ELB and I wnat to block XSS, what options do I have?

A

You cna use a WAF with the ELB and you can create a WAF ACL Condition to match again XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

I am using an ELB and I wnat to block attacks coming from China, what options do I have?

A

You can use a WAF with the ELB and you can create a WAF ACL Condition to match again GEO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

I am using an API Gateway and I wnat to block attacks coming from China, what options do I have?

A

You can use a WAF with the ELB and you can create a WAF ACL Condition to match again GEO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

I am using an ELB and I wnat to block attacks coming from IP (IPv4 and IPv6), what options do I have?

A

You can use a WAF with the ELB and you can create a WAF ACL Condition to match again IP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

I am receiving a header from an attacker, this is a large header then normal, how cna I block it?

A

Yse a WAF ACL Condation to match on size

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a WAF ACL Rule?

A

It enables you to match again a condition, you could say dis this occurs more the 2000 times in the last 5 min, then block it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a WAF Rule Action?

A

It enables you to take and action on a WAF ACL Rule match.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What condition is available in AWS WAF?

A
  • cross site scripting xss
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

My infrastructure consists of both S3 acting as an origin for static content for CF CDN and also EC2 instances behind an LB that is using the CF CDN, I wnat to block all requests form embargoed countries as part of my WF firewall, how cna I do this?

A

You can use geo matching condition in a WAF ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What condition is available in AWS WAF?

A
  • cross site scripting xss
  • Geo match
  • Size constraints
  • SQL INjection
  • String and regex matching.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

My infrastructure consists of both S3 acting as an origin for static content for CF CDN and also EC2 instances behind an LB that is using the CF CDN, I wnat to block all requests form embargoed countries as part of my WF firewall, how cna I do this?

A

You can use geo matching condition in a WAF ACL to create a list of countries to block. This could be automated through infrastructure as code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

I am getting a flood of suspicious requests for accessing resources, do I use an NACL to block them?

A

No, as the word flood was used this is a DDOS situation and requires a WAF.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What services does WAF work with?

A

Cloudfront
ELB (ALB)
API Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Is WAF in front of the services it is protecting?

A

Yes 100%, this enables it to filter the incoming traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

When you associate WAF with a service like ELB what are you doing?

A

You are associating a WEB ACL to be used to filter the incoming traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is WAF?

A

It is a layer 7 firewall thet you can place in front of services like,
- CloudFront
-ELB
- API GW
It enables you to use ACL -> Rules-> Conditions to filter traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

I have a global CloudFront distribution and I wnat to filter traffic so it does not come from know bad actor? region?

A

You can create a rule thet restricts to a region and apply to CF.

22
Q

Where in the traffic from the internet to you API GW endpoint is AF applied?

A

WAF is deployed so it is at the very edge infron of you API GW or the if uses CF or ELB.

23
Q

What is a WAF ACKL?

A

A WAF ACL is a set of rules applied to the traffic.

24
Q

What are the three elements thet make up WAF?

A
  • Conditions
  • Rules
  • ACL
25
Q

What is the rule?

A

A rule is a set of conditions.

26
Q

What is the condition?

A

A condition is used to match again incoming traffic?

27
Q

What is an ACL?

A

It is a collection of rules applied to incoming internet traffic.

28
Q

What types of conditions can I have?

A
  • Rate constraints
  • cross-site scripting XSS
  • Geo match
  • Size constraints
  • SQL INjection
  • String and regex matching.
29
Q

Is WAF regional or global?

A

It depends on the services it is used with>

30
Q

What is shield used for?

A

It is used to stop DDOS attacks.

31
Q

Without purchasing Shield, is there protection?

A

Yes, shield coms in two forms, standard and advanced.
Standards give you network flow monitoring, help for syn and UDP attacks.
Advanced gives you layer 7 traffic monitoring, mitigation, reporting, cost recovery, team support.

32
Q

How can I get DDOS protection on my EIP?

A

Shiels covers not just ELB, CF and API GW but also EIP.

33
Q

I have has large scale DDOS attacks in the past in my on-prem infrastructure, we recently migrated our-on prem application to AWS and I am concerned about DDOS attacks and the AWS resources cost associated with such an attack, what cna I do to mitigate this?

A

You can opt to use shield advance and this service will not just protect your resource but will recover costs associated with such an attack for the AWS resources used.

34
Q

What services does WAF work with?

A
  • CloudFront
  • API gateway
  • ELB
35
Q

How could I use AWF in front of an EC2 instance with an EIP?

A

EC2 does not support WAF, but you cna place and ELB info for the EC2 instance.

36
Q

What is the ACL?

A

An ACL is a set of Rules, with rules been a set of conditions and condition been like, block this IP.

37
Q

What are we inspecting with a WAF ACL?

A

Parts of the HTTP request, L7.

38
Q

I wnat to block HTTPS requests form a country, I am using an API Gateway, ELB or CloudFront, how can do this?

A

You can use a WAF ACL

39
Q

I wnat to allow HTTPS requests form a country, I am using an API Gateway, ELB or CloudFront, how can do this?

A

You can use ACL to just allow HTTPS requests form a country.

40
Q

I am seeing attacks form a country, how cna I block this country form my CF?

A

You can block using WAF ACL.

41
Q

I see incoming HTTPS request form what I know ot be bad actors, how cna I filter on a query string and other HTTP elements like headers, I am using CloudFront?

A

You cna use an ACL and create a rule.

42
Q

What is OWASP top 10?

A

These are the top 10 application threats.

43
Q

I want to rate-limit traffic coming from a country how cna I do this, I am using ELB?

A

I use WAF and build a rule to rate limit based on country.

44
Q

I wnat ot get an alarm when we see bad actions coming to form a country and trying to access our web-facing application behind an ELB, how cna we do this?

A

WAF integrates with the ELB and alos with CloudWatch form monitoring, you can capture a metric and have an alarm on the metric.

45
Q

Can you create a rate limit rule in WAF?

A

Yes 100%

46
Q

What are managed rules?

A

This is where you cna use AWS or 3rs parts rules sets.

47
Q

Does WAF provide the ability to do a white and blacklist?

A

Yes 100%, ability to block (blacklist) and allow (whitelist)

48
Q

I need to be able to quickly update rules in my WAF, is AWS WAF suitable?

A

No, it can take up to 45 min to push rules out to the edge locations.

49
Q

Does WAF support IPv6?

A

Yes

50
Q

I wnat to log request info from my WAF, how can I do this?

A

WAF integrated with Kinesis Firehose, you cna push the log stream where you wnat to go, like s3.

51
Q

Is logging enabled per ACL or per the WAF?

A

Per ACL, If you have 5 ACL and what logging enables you to have to enable for all 5 ACLs.

52
Q

Can you hide fields form WAF logs?

A

You can select the headers not to be included in the logs.