Section 26: AWS Security Flashcards
(22 cards)
AWS managed keys start with this name
aws/
Type of keys used with SSE-S3, SSE-SQS, SSE-DDB
AWS owned keys
How to copy an encrypted EBS volume across regions
Take snapshot of volume
Re-encrypt snapshot with new key
Copy to new region
Restore snapshot into a new volume
Who does the default KMS key policy allow to access the key?
Everyone in the account
What must you attach to an encrypted snapshot if you plan to copy it across to another account?
KMS Key Policy
With S3 replication encryption, objects encrypted with this are replicated by default.
SSE-S3
With AMI sharing between accounts, what permission must be added to the image attribute?
Launch permission
Secure storage for configs and secrets
SSM Parameter Store
Standard vs Advanced SSM parameter tier difference for max file size
4 KB vs 8 KB
Standard vs Advanced SSM parameter tier difference for policies available
No vs Yes
Which service allows you to rotate secrets every X number of days? Parameter Store or Secrets Manager?
Secrets Manager
Secrets can be encrypted using what service?
KMS
The ACM process for requesting public certs
List domain names to be included
Select validation method: DNS or email
Public cert will be enrolled for auto renewal
To integrate ACM with an API gateway, what type of domain name must be created?
Custom
What can you deploy AWS WAF on?
ALB
API Gateway
CloudFront
AppSync GraphQL API
Cognito User Pool
True or False: Web ACLs are not regional
False
What layer does WAF work on?
Layer 7
Do Application Load Balancers have fixed IPs?
No
What do you need to use to get a fixed IP for an ALB?
Global Accelerator
What is AWS Shield used for?
DDoS prevention
What service to use for automated security assessments?
Amazon Inspector