Security

Question 1

What is the AWS shared responsibility model

Answer 1

AWS controls security of the cloud and customers control security in the cloud

Question 2

What is AWS Identity and Access Management (IAM)

Answer 2

enables you to manage access to AWS services and resources securely.

Question 3

What is the AWS account root user

Answer 3

It has complete access to all the AWS services and resources in the account

Question 4

What are the best practices for using the Root User account

Answer 4

-Do not use the root user for everyday tasks
-use the root user to create your first IAM user and assign it permissions to create other users.
-continue to create other IAM users, and access those identities for performing regular tasks throughout AWS
-Only use the root user when you need to perform a limited number of tasks that are only available to the root user

Question 5

What is an IAM user

Answer 5

an identity that you create in AWS

Question 6

What are the permissions associated by default when you create a new IAM user in AWS

Answer 6

no permissions associated with it.

Question 7

What is the best practice when creating IAM users in AWS

Answer 7

create individual IAM users for each person who needs to access AWS

Question 8

What is an IAM policy

Answer 8

a document that allows or denies permissions to AWS services and resources

Question 9

What do IAM policies enable you to do

Answer 9

customize users’ levels of access to resources

Question 10

What is the best practice when creating IAM policies

Answer 10

Follow the security principle of least privilege when granting permissions

Question 11

What is an IAM group

Answer 11

a collection of IAM users

Question 12

What occurs when you assign an IAM Policy to an IAM Group

Answer 12

all users in the group are granted permissions specified by the policy

Question 13

What are IAM roles

Answer 13

an identity that you can assume to gain temporary access to permissions

Question 14

What occurs when a user assumes an IAM role

Answer 14

they abandon all previous permissions that they had under a previous role and assume the permissions of the new role

Question 15

What is the best practice when creating IAM Roles

Answer 15

ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term

Question 16

What does multi-factor authentication (MFA) in IAM provide

Answer 16

an extra layer of security for your AWS account

Question 17

What is the best practice for using MFA

Answer 17

enable MFA for the root user and all IAM users in your account

Question 18

What is AWS Organizations

Answer 18

consolidate and manage multiple AWS accounts within a central location

Question 19

What are service control policies (SCPs)

Answer 19

enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.

Question 20

What are Organizational units in AWS

Answer 20

accounts with similar business or security requirements

Question 21

What happens whe you apply a policy to an OU

Answer 21

all the accounts in the OU automatically inherit the permissions specified in the policy

Question 22

Which identities and resources can SCPs be applied to

Answer 22

-An individual member account
-An Organizational Unit (OU)

Question 23

What is AWS Artifact

Answer 23

a service that provides on-demand access to AWS security and compliance reports and select online agreements

Question 24

AWS Artifact consists of 2 main sections

Answer 24

-AWS Artifact Agreement
-AWS Artifact Reports

Question 25

What are AWS Artifact Agreements

Answer 25

review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations

Question 26

What are AWS Artifact Reports

Answer 26

provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations.

Question 27

What is the Customer Compliance Center

Answer 27

contains resources to help you learn more about AWS compliance

Question 28

What is available in the Customer Compliance Center

Answer 28

-Read customer compliance stories -access compliance whitepapers and documentation -auditor learning path

Question 29

What is a Denial-of-service (DoS) attacks

Answer 29

a deliberate attempt to make a website or application unavailable to users

Question 30

What is a Distributed denial-of-service (DDoS) attacks

Answer 30

multiple sources are used to start an attack that aims to make a website or application unavailable

Question 31

What AWS service can you use to help minimize the effect of DoS and DDoS attacks

Answer 31

AWS Shield

Question 32

What is AWS Shield

Answer 32

a service that protects applications against DDoS attacks

Question 33

AWS Shield provides two levels of protection

Answer 33

-Standard -Advanced

Question 34

What is AWS Shield Standard

Answer 34

automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks

Question 35

What is AWS Shield Advanced

Answer 35

a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks

Question 36

What are the advantages of using AWS Shield Advanced

Answer 36

-Integrates with other AWS services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing -can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks

Question 37

What is AWS Key Management Service (AWS KMS)

Answer 37

enables you to perform encryption operations through the use of cryptographic keys

Question 38

What is a cryptographic key

Answer 38

a random string of digits used for locking (encrypting) and unlocking (decrypting) data

Question 39

What is AWS WAF

Answer 39

a web application firewall that lets you monitor network requests that come into your web applications

Question 40

What does AWS WAF use to protect from network attacks

Answer 40

web access control list (ACL)

Question 41

What is Amazon Inspector

Answer 41

a service that checks applications for security vulnerabilities and deviations from security best practices

Question 42

What is Amazon GuardDuty

Answer 42

a service that provides intelligent threat detection for your AWS infrastructure and resources

Question 43

How does Amazon GuardDuty work

Answer 43

Identifies threats by continuously monitoring the network activity and account behavior within your AWS environment

Question 44

What can you configure to automatically take remediation steps in response to GuardDuty’s security findings

Answer 44

AWS Lambda functions