A Cantrill - Security, Deployment and OPs Flashcards
What is AWS Secrets Manager?
AWS Secrets Manager is a product which can manage secrets within AWS. There is some overlap between it and the SSM Parameter Store, but Secrets Manager is specialised for secrets.
Anything to do with secrets and rotation?
Secrets Manager.
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
What is the difference between CloudHSM and KMS?
AWS doesn't have access to keys in CloudHSM, only in KMS.
What product should you use for a geo match condition?
AWS WAF. ALB does not support geo match.
What's Amazon Macie?
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
Think - PII
What is Amazon Inspector?
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
What is GuardDuty?
GuardDuty is an automatic threat detection service which reviews data from supported services and attempts to identify any events outside of the 'norm' for a given AWS account or accounts.
Shield Standard is automatically provided with which services?
CloudFront and Route 53.
What layer does Shield operate at? And what does it protect against?
Layer 3. DDoS attacks.
What layer does WAF operate at? And what does it protect against?
Layer 7. SQL injection and CSS
What services does WAF integrate with?
CloudFront, API GW, and ALB.
The main feature which Secrets Manager provides over SSM Parameter Store is...
PW rotation