Domain 2: Security & Compliance

Question 1

Customer - Shared Responsibility Model (RDS)

Answer 1

Customers are responsible for managing the data and configurations within the database, while AWS handles the underlying infrastructure.

Question 2

Customer - Shared Responsibility Model (Lambda)

Answer 2

Customers are responsible for the code they deploy and the security settings for their functions, while AWS manages the underlying infrastructure and scaling.

Question 3

Customer - Shared Responsibility Model (EC2)

Answer 3

Customers are responsible for the security of their EC2 instances, including applying OS updates and configuring firewalls.

Question 4

Customer - Shared Responsibility Model (General)

Answer 4

Customers are responsible for securing the data they store and process on AWS services.

Question 5

AWS - Shared Responsibility Model

Answer 5

AWS is responsible for the security of the underlying cloud infrastructure, such as data centers, networking, and hardware. AWS also provides a range of services and tools to enhance security, compliance, and monitoring.

Question 6

AWS Compliance Information

Answer 6

AWS maintains comprehensive compliance programs, and customers can find compliance information in the AWS Compliance Center. This includes recognized compliance controls, such as HIPAA, SOC reports, and more.

Question 7

Achieving Compliance on AWS

Answer 7

AWS provides various encryption options for securing data both in transit and at rest. For example, customers can use SSL/TLS for data in transit and encryption services like AWS Key Management Service (KMS) for data at rest.

Question 8

Audit and Reporting - CloudWatch

Answer 8

Provides monitoring and alerting capabilities for AWS resources.

Question 9

Audit and Reporting - Config

Answer 9

Offers configuration tracking and compliance assessment.

Question 10

Audit and Reporting - CloudTrail

Answer 10

Provides detailed logs of API activity for security, compliance, and auditing purposes

Question 11

Least Privileged Access

Answer 11

Refers to providing users and applications with the minimum level of access required to perform their tasks. By following this principle, potential security risks and unauthorized access are minimized.

Question 12

Access Keys and Password Policies:

Answer 12

Customers can manage access keys and define password policies, including rotation and complexity requirements, to enhance security.

Question 13

Multi-Factor Authentication (MFA):

Answer 13

Customers can enable MFA to add an extra layer of protection to user accounts and reduce the risk of unauthorized access.

Question 14

AWS Identity and Access Management (IAM):

Answer 14

IAM allows customers to create and manage users, groups, roles, and permissions to control access to AWS resources.

Question 15

Identify AWS access management capabilities:

Answer 15

The root account is the highest-level AWS account with full access. It’s essential to protect it with strong authentication and restrict its usage to critical tasks only.

Question 16

Native AWS Services

Answer 16

AWS offers security features like Security Groups, Network ACLs (Access Control Lists), and AWS WAF (Web Application Firewall) to protect and control network traffic.

Question 17

3rd Party Security Products:

Answer 17

Customers can find various security products from the AWS Marketplace to complement native AWS services.

Question 18

Documentation

Answer 18

Customers can access security best practices, whitepapers, official documents, and guidance from resources like the AWS Knowledge Center, Security Center, security forum, and security blogs.

Question 19

AWS Trusted Advisor

Answer 19

Customers can access security best practices, whitepapers, official documents, and guidance from resources like the AWS Knowledge Center, Security Center, security forum, and security blogs.