Logging

Question 1

What are the 4 services in AWS that are based on logging:

Answer 1

CloudTrail
Config
CloudWatch
VPC Flow Logs

Question 2

What does CloudTrail log?

Answer 2

API calls

Question 3

What does Config log?

Answer 3

Configurations - The state of your environment

Question 4

What does CloudWatch log?

Answer 4

Performance metrics

Question 5

What do VPC Flow Logs log?

Answer 5

Network traffic across the VPC?

Question 6

What AWS whitepaper can you read for logging?

Answer 6

Security at Scale: Logging in AWS

https://d0.awsstatic.com/whitepapers/compliance/AWS_Security_at_Scale_Logging_in_AWS_Whitepaper.pdf

Question 7

True or False: You should always prevent unauthorized access to your logs?

Answer 7

True

Question 8

What three methods are used to control access?

Answer 8

IAM users, groups, roles, and policies
Amazon S3 bucket policies
Multifactor Authentication

Question 9

True or false: Your organization should be defined by roles to ensure only those who need access to resources are.

Answer 9

True

Question 10

What 2 ways can you be notified when logs are created, or fail?

Answer 10

CloudTrail notifications

AWS Config rules

Question 11

True or false, alerts should only be an alert, and not contain details?

Answer 11

True. For example, SNS that points to a log file, but does not divulge specifics about the log.