AWS Cloud Security Flashcards

1
Q

What is AWS Artifact?

A

A comprehensive list of access-controlled documents relevant to compliance and security within AWS

2
Q

Compliance on AWS and AWS Artifact

A

Global Compliance Programs at AWS

      - ISO 27001 
      - SOC1
      - SOC2
      - SOC3
      - PCI DSS Level 1
      - CSA
3
Q

Shared Responsibility Model

A
  • AWS manages security of the cloud, while the customer manages security in the cloud
    • Customers control what security they choose to implement for their own content, platform, applications, and networks
  • AWS is responsible for protecting the infrastructure that runs all of AWS’s cloud services, allowing customers to cut back their own internal cost and focus on internal matters (like their client data)
  • Customers are responsible for customer data, platform, IAM, applications, guest operating system, firewall, network
  • AWS is responsible for software, compute, storage, database, networking, global infrastructure (regions, availability zones, edge locations)
4
Q

Customer is responsible for

A

security groups (firewall for inbound/outbound traffic), IAM users, patching EC2 Operating Systems, patching databases

5
Q

AWS is responsible for

A

management of data centers, security cameras, cabling, patching RDS operating systems

6
Q

If you think you’re responsible

A

then chances are you probably are

  • Encryption is a shared responsibility
7
Q

Data Classification

A

A process of organizing data into categories for a specific purpose. Each category has a security policy.

8
Q

Tenets ensure you’re making the right decision at the right for both customer and company data

A

  • Strike right balance between delivering value to customers and protecting customer and company data

  • Business needs to be established in every decision to access or share data

  • AWS Clear Desk and Clear Screen policy contains guidelines for all employees handling data that may be heard by unintended audiences

  • Amazon Legal provides instructions for storage, retention, and dissemination of data (confidential INFO and NDA guideline, document record retention and destruction, communication policy)

9
Q

Customer Account Info

A

Customer Account Information – name, username, email, phone #, billing info

Handling policy – you can only access customer account info to support customers, but cannot provide it for them. They can reach out to AWS billing and account support for that

10
Q

Customer Content

A

Customer Account Information – name, username, email, phone #, billing info

Handling policy – you can only access customer account info to support customers, but cannot provide it for them. They can reach out to AWS billing and account support for that

11
Q

Service Attributes

A

any of the service usage data related to a customer’s account

ex: Security controls and access

Handling policy – may use it to support customer only to help improve AWS services or growing business relationship. May not use to compete with customer

12
Q

Business Contracts

A

Handling policy – may use it to support customer only to help improve AWS services or growing business relationship. May not use to compete with customer

13
Q

Business Data

A

any type of data that is created, stored, or shared with or by an AWS employee such as ticketing info or roadmap details

Handling policy – data can only be shared following the confidential information policy which requires AWS legal and director level approval as well as permission from the customer

14
Q

AWS Data

A

AWS content for AWS services such as website, API, documentation, templates which can be used to assist customer

Handling Policy – may be shared to support a valid business need – review AWS customer agreement for more info

15
Q

Employee Data

A

employee data such as personal email or address

Handling policy – this cannot be shared internally or externally unless consulting with HR first

16
Q

Business Partner Data

A

any info provided to AWS by a business partner including info about AWS marketplace offerings

Handling policy – can be found in agreements and NDA between AWS and partner

Security.a2z.com