AWS Mgt Tools Flashcards

1
Q

AWS GuardDuty

A
  • Intelligent Threat Detection
  • Continuous Monitoring for Malicious Activity
  • Delivers detailed findings
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AWS Inspector

A
  • Vulnerability Scanning
  • EC2 and ECR
  • Continually scans AWS workloads for vulns / unintended Network Exposure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AWS Trusted Advisor

A
  • AWS Best Practices
  • Evaluates your account to optimize your AWS infra
  • Base and Dev support - Core checks
  • Business and Enterprise support - All checks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AWS Config

A
  • Evaluates AWS configs for desired settings
  • Active and Historical
  • Notifications when ever resources are created or modified
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AWS Certificate Manager (ACM)

A
  • Create, Store, and Renew SSL/TLS Certs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AWS Secrets Manager

A
  • Stores and Rotates secrets without the need for code
  • Auto Rotate for
    • RDS (MySQL, Postgress, Aurora)
    • Redshift
    • Document DB
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AWS Resource Account Manager (RAM)

A
  • Sharing of resources
  • Across AWS accounts
  • Within Orgs and OUs
  • IAM Roles and Users
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AWS Personal Health Dashboard

A
  • Provides Alerts and Remediation

- AWS outages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AWS CloudHSM

A
  • Generate and Use your own encryption keys on AWS
  • In your vpc
  • Protects private keys from issuing CA
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

AWS Shield

A
  • Managed DDOS Protection
  • Integrated with CloudFront
  • Standard - No Cost
  • Advanced - 3k a month / 1 year commitment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

AWS SAM (Serverless Application Model)

A
  • Extension of CloudFormation for Serverless
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AWS Systems Manager

A
  • Centralized console and toolset for a wide variety of system management tasks
  • centralize operation data from multiple AWS services
  • ## automate tasks across your aws resources
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AWS CloudFormation

A
  • IaaS provisioning
  • Creates Stacks
  • Uses Templates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

CloudFormation Stacksets

A
  • Create, Update, or delete stacks across multiple accounts and regions with a single operation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

AWS Athena supports SSE and Client Side encryption on S3

A

Yes… you can read and write using encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Run single jobs that span multiple EC2 instances. Can run large scale, tightly coupled, HPC, app and distributed GPU model.

A

AWS Batch

17
Q

AWS Tool to display current service limits?

A

AWS Trusted Advisor

18
Q

Can you use CloudHSM to distribute encryption keys?

A

No. Used for mgt and storage not for distribution

19
Q

How can you Connect ec2 app in private subnet to API gateway and ensure no traffic goes over inet

A

Use an interface endpoint with private link. “Private API”

20
Q

Does aws allow pen testing?

A

Yes. For some resources without prior approval

21
Q

SCPs do not affect service linked role

A

True

22
Q

SCPs affect all users and roles in attached accounts including the root user?

A

True

23
Q

Can you attach identity based policies to resources

A

No

24
Q

AWS service that allows rules to filter web traffic based on conditions that include IP addy, http headers and body, custom urls, or location

A

AWS WAF

25
Q

AWS IOT Core

A

allows IOT devices to securely connect to cloud

26
Q

Do you need to enable rate based rules in shield?

A

No. It’s always on and running

27
Q

An ec2 instance is querying IP addresses used for crypto mining and it does not host any authorized app related to mining. What service can protect ec2 from such unauthorized use

A

GuardDuty

28
Q

AWS cost resource optimization

A

Reports ec2 instances that are idle or have low utilization

29
Q

AWS cloud optimization

A

Instance type recommendations