AcademyCloudSecurity-EN-ILT-M02-IntroductionToSecurity Flashcards
(39 cards)
What are the module objectives for Introduction to Security on AWS?
Identify security features and benefits of cloud computing
Identify the security principles that the AWS Cloud is structured around
Identify which part of an application the user is responsible to secure in the cloud
What are the benefits of cloud computing?
- Trade fixed expense for variable expense
- Benefit from massive economies of scale
- Stop guessing on your capacity needs
- Increase speed and agility
- Stop spending money to run and maintain data centers
- Go global in minutes
What are the three core components of security known as the CIA triad?
- Confidentiality
- Integrity
- Availability
Define confidentiality in the context of security.
Limit access and disclosure to authorized users and prevent access by unauthorized people
Define integrity in the context of security.
Maintain data consistency during its lifecycle and preserve data at rest and data in transit
Define availability in the context of security.
Have access to information resources when needed
What is AWS Identity and Access Management (IAM) primarily used for?
Controllability, including managing users and permissions
What does AWS CloudTrail provide in terms of auditability?
- Who has access to a resource?
- Who performed what action?
- When was the action performed and from where?
- Where is the evidence?
What questions does AWS Config help answer regarding visibility?
- What is in my environment?
- What impact did a particular action have?
- What has changed?
What are the key aspects of AWS Cloud security objectives?
- Controllability
- Auditability
- Visibility
- Agility
- Automation
What are the 7 security design principles for AWS?
- Apply the principle of least privilege
- Enable traceability
- Secure all layers
- Automate security
- Protect data in transit and at rest
- Prepare for security events
- Minimize the attack surface
What does the principle of least privilege entail?
Grant access as needed and enforce separation of duties
What does enabling traceability involve?
Monitoring actions and changes, using logs and metrics, and auditing cloud resources
What is meant by securing all layers in cloud security?
Using a defense-in-depth approach and different AWS services
What is the purpose of automating security in the cloud?
Automate routine security tasks with APIs and implement infrastructure as code
What methods can be used to protect data in transit and at rest?
- Use encryption and access controls
- Classify data with tags
- Use a VPN and TLS for remote connections
What should organizations do to prepare for security events?
Create processes to isolate incidents and restore operations, and enable detailed logging
What does minimizing the attack surface involve?
Reducing and safeguarding exposed resources and being ready to scale against attacks
Describe the shared responsibility model in AWS.
It delineates responsibilities between the customer and AWS for security
What are some customer responsibility examples in the shared responsibility model?
- Guest OS configuration
- Application-level security
- Security group configuration
- Client-side data encryption
True or False: AWS is responsible for managing the security of the cloud infrastructure.
True
Fill in the blank: The principle of _______ requires that access is granted only as necessary.
least privilege
What is the AWS shared responsibility model?
A framework defining the security responsibilities of AWS and the customer.
What are the responsibilities of a cloud customer?
- What to store
- Which AWS services to use
- Which Region to store data in
- What content format and structure to use
- Who has access
