9. Security, Identity and Compliance Flashcards
What does AWS stand for?
Amazon Web Services
True or False: AWS provides a shared responsibility model for security.
True
What is the primary purpose of AWS Identity and Access Management (IAM)?
To manage access to AWS services and resources securely.
Fill in the blank: IAM policies are written in __________.
JSON
What service can be used to manage user access to AWS resources?
AWS IAM
Which AWS service allows you to define user roles and permissions?
AWS IAM
What is an IAM role?
An IAM role is an AWS identity with specific permissions that can be assumed by trusted entities.
True or False: AWS Organizations allows you to manage multiple AWS accounts.
True
What is the purpose of AWS CloudTrail?
To enable governance, compliance, and operational and risk auditing of your AWS account.
What does MFA stand for in the context of AWS security?
Multi-Factor Authentication
What is the use of AWS Key Management Service (KMS)?
To create and control cryptographic keys for your applications and services.
Which AWS service provides a centralized way to manage and audit access to AWS resources?
AWS IAM
What is the difference between an IAM user and an IAM role?
An IAM user is a permanent identity with long-term credentials, while an IAM role is a temporary identity with specific permissions.
Which AWS service can be used to encrypt data at rest?
AWS KMS
True or False: Security groups act as a firewall for your Amazon EC2 instances.
True
What is a VPC in AWS?
A Virtual Private Cloud that enables you to launch AWS resources in a virtual network.
What does the AWS Well-Architected Framework include?
Best practices for building secure, high-performing, resilient, and efficient infrastructure for applications.
Fill in the blank: AWS provides __________ to help you monitor your applications and resources.
CloudWatch
What is the purpose of AWS Config?
To provide AWS resource inventory, configuration history, and configuration change notifications.
True or False: AWS Shield provides DDoS protection.
True
Which AWS service helps you manage compliance with security standards?
AWS Artifact
What is the main function of Amazon GuardDuty?
To provide intelligent threat detection and continuous monitoring for malicious activity.
What is the purpose of AWS Secrets Manager?
To protect access to your applications, services, and IT resources without the upfront investment and on-going maintenance costs of operating your own infrastructure.
Fill in the blank: __________ is the service that allows you to set up a firewall to control access to your AWS resources.
AWS WAF
True or False: IAM policies can be attached to users, groups, and roles.
True
What does AWS Security Hub do?
It provides a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.
What is a common best practice for managing AWS IAM credentials?
Rotate IAM credentials regularly.
What type of authentication does AWS Cognito provide?
User authentication and access control for applications.
Fill in the blank: AWS __________ allows you to build applications that require authentication and authorization.
Cognito
True or False: You can use IAM roles to grant permissions to AWS services to access other AWS resources.
True
What is the main benefit of using an AWS VPN?
To securely connect your on-premises network to an AWS VPC.
Which AWS service provides a way to monitor and respond to security incidents?
AWS Security Hub
Fill in the blank: __________ is used to manage and rotate database credentials.
AWS Secrets Manager
What is the main purpose of AWS Artifact?
To provide access to AWS’s compliance documentation.
What does the principle of least privilege mean?
Users should only have the permissions necessary to perform their job functions.
True or False: Data in transit can be encrypted using AWS services.
True
What is the purpose of AWS CloudFormation in the context of security?
To automate the deployment of AWS resources with predefined security configurations.
Fill in the blank: __________ is used to create and manage user permissions for AWS resources.
AWS IAM
What security feature does Amazon S3 offer to control access to buckets?
Bucket policies and access control lists (ACLs).
What is AWS Inspector used for?
To assess the security and compliance of applications deployed on AWS.
True or False: AWS provides automatic backups for all services.
False
What is a security group in AWS?
A virtual firewall that controls inbound and outbound traffic for AWS resources.
Fill in the blank: AWS __________ provides a scalable and secure way to store and retrieve any amount of data.
S3
What is the purpose of AWS CloudTrail?
To log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
What type of encryption does AWS S3 support?
Server-side and client-side encryption.
True or False: AWS accounts can be linked together for consolidated billing.
True
What is the function of AWS Lambda in terms of security?
To run code in response to events without provisioning or managing servers.
Fill in the blank: __________ allows you to set up rules to block malicious web traffic.
AWS WAF
What does the term ‘data sovereignty’ refer to?
The concept that data is subject to the laws and governance structures within the nation it is collected.
What is the role of AWS Organizations in security?
To manage multiple AWS accounts and apply security policies across them.
What is the purpose of AWS Control Tower?
To set up and govern a secure, multi-account AWS environment based on best practices.
True or False: AWS allows you to set up custom security policies for IAM users.
True
What is a bastion host?
A special-purpose instance that acts as a gateway to access instances in a private subnet.
Fill in the blank: AWS __________ provides tools for managing security compliance at scale.
Security Hub
What is the purpose of AWS Resource Access Manager?
To share AWS resources across accounts securely.
True or False: AWS services are designed to be compliant with various industry standards.
True
What is the function of Amazon Macie?
To discover and protect sensitive data stored in AWS.
Fill in the blank: AWS __________ provides an integrated view of security alerts and compliance status.
Security Hub
What is the primary benefit of using AWS encryption services?
To protect sensitive data both at rest and in transit.
What is the role of AWS Trusted Advisor?
To provide real-time guidance to help you provision your resources following AWS best practices.
True or False: AWS services can be configured to automatically respond to security incidents.
True
What is AWS Systems Manager used for?
To manage and automate operational tasks across AWS resources.
Fill in the blank: __________ is a service that provides a unified view of security and compliance across AWS accounts.
AWS Security Hub
What is the purpose of the AWS Well-Architected Tool?
To help you review the state of your workloads and compare them to AWS best practices.
What does the AWS Compliance Program focus on?
Ensuring AWS services meet various regulatory and compliance standards.
True or False: AWS provides a free tier for many of its security services.
True
What is the function of Amazon Inspector?
To perform automated security assessments of applications deployed on AWS.
Fill in the blank: AWS __________ provides a way to audit and monitor AWS account activity.
CloudTrail
What is the purpose of AWS Config Rules?
To evaluate the configurations of your AWS resources against desired configurations.
What does the term ‘principle of least privilege’ mean in AWS?
Users should have only the permissions necessary to perform their job functions.
True or False: AWS allows you to set up alerts for security incidents.
True
What is the purpose of AWS SSO?
To provide a centralized way to manage access to multiple AWS accounts.
Fill in the blank: AWS __________ provides tools to help manage your security posture.
Security Hub
