Security Flashcards
(14 cards)
Shared responsibility model
The shared responsibility model divides into customer responsibilities (commonly referred to as “security in the cloud”) and AWS responsibilities (commonly referred to as “security of the cloud”).
AWS Identity and Access Management (IAM)
Enables you to manage access to AWS services and resources securely.
Root user
Users
Groups
Policies
Roles
AWS account root user
Access and control any resource in the account
AWS Organizations
Centralized management
Consolidated billing
Hierarchical groupings of accounts
AWS service and API actions access control
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to?
An individual member account
An organizational unit (OU)
Which tasks can you complete in AWS Artifact?
Access AWS compliance reports on-demand.
Review, accept, and manage agreements with AWS
Denial-of-service attacks
A deliberate attempt to make a website or application unavailable to users.
Security Groups
Only allow proper request traffic
Elastic Load Balancer (ELB)
Waits till the entire message is complete before moving it forward
Encryption
Securing a message or data in a way that only authorized parties can access it
IAM policy
A document that grants or denies permissions to AWS services and resources
IAM policies provide you with the flexibility to customize users’ levels of access to resources.
The principle of least privilege
Granting only the permissions that are needed to perform specific tasks
Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?
AWS Shield
Which task can AWS Key Management Service (AWS KMS) perform?
Create cryptographic keys.
