AWS Chapter 6

Question 1

Shared Responsibility Model

Answer 1

shares responsibility between AWS and the customer

Question 2

Customer Responsibilities

Answer 2

Data/Server side encryption, network traffic protection

Question 3

AWS Responsibilities

Answer 3

storage, hardware, regions, security of the cloud

Question 4

AWS Identity and Access Management (IAM)

Answer 4

manage AWS services securely, create users policies etc

Question 5

AWS Account Root User

Answer 5

user who creates the AWS account

Question 6

IAM Users

Answer 6

identity created in AWS, default no permissions but assign permissions over time

Question 7

IAM Policy

Answer 7

document that allows/denies permissions to AWS services and resources, least privilege

Question 8

IAM Group

Answer 8

collection of IAM users, shared permissions

Question 9

IAM Roles

Answer 9

identity that you can assume to give temp access to permissions

Question 10

AWS Organizations

Answer 10

used to consolidate and manage multiple AWS accounts centrally

Question 11

Service Control Policies (SCP)

Answer 11

restrictions on AWS services, resources, and individual API actions

Question 12

Organizational Units

Answer 12

similar to a group, all policies to the OU apply to all accounts

Question 13

AWS Artifact

Answer 13

services that provides on demand access to AWS security/compliance reports

Question 14

AWS Shield

Answer 14

protects against DDoS attacks, Standard (free) and Advanced (paid) protections

Question 15

AWS Key Management Service (AWS KMS)

Answer 15

perform encryption through crypto keys, manage/use/create

Question 16

AWS WAF

Answer 16

Web app firewall, works with cloudfront and the app load balancer

Question 17

Amazon Inspector

Answer 17

automated security assessments on applications

Question 18

Amazon GuardDuty

Answer 18

intelligent threat detection for your AWS infrastructure and resources