AWS Mgt Tools

Question 1

AWS GuardDuty

Answer 1

• Intelligent Threat Detection
• Continuous Monitoring for Malicious Activity
• Delivers detailed findings

Question 2

AWS Inspector

Answer 2

• Vulnerability Scanning
• EC2 and ECR
• Continually scans AWS workloads for vulns / unintended Network Exposure

Question 3

AWS Trusted Advisor

Answer 3

• AWS Best Practices
• Evaluates your account to optimize your AWS infra
• Base and Dev support - Core checks
• Business and Enterprise support - All checks

Question 4

AWS Config

Answer 4

• Evaluates AWS configs for desired settings
• Active and Historical
• Notifications when ever resources are created or modified

Question 5

AWS Certificate Manager (ACM)

Answer 5

• Create, Store, and Renew SSL/TLS Certs

Question 6

AWS Secrets Manager

Answer 6

• Stores and Rotates secrets without the need for code
• Auto Rotate for
  
  • RDS (MySQL, Postgress, Aurora)
  • Redshift
  • Document DB

Question 7

AWS Resource Account Manager (RAM)

Answer 7

• Sharing of resources
• Across AWS accounts
• Within Orgs and OUs
• IAM Roles and Users

Question 8

AWS Personal Health Dashboard

Answer 8

• Provides Alerts and Remediation

- AWS outages

Question 9

AWS CloudHSM

Answer 9

• Generate and Use your own encryption keys on AWS
• In your vpc
• Protects private keys from issuing CA

Question 10

AWS Shield

Answer 10

• Managed DDOS Protection
• Integrated with CloudFront
• Standard - No Cost
• Advanced - 3k a month / 1 year commitment

Question 11

AWS SAM (Serverless Application Model)

Answer 11

• Extension of CloudFormation for Serverless

Question 12

AWS Systems Manager

Answer 12

• Centralized console and toolset for a wide variety of system management tasks
• centralize operation data from multiple AWS services
• ## automate tasks across your aws resources

Question 13

AWS CloudFormation

Answer 13

• IaaS provisioning
• Creates Stacks
• Uses Templates

Question 14

CloudFormation Stacksets

Answer 14

• Create, Update, or delete stacks across multiple accounts and regions with a single operation

Question 15

AWS Athena supports SSE and Client Side encryption on S3

Answer 15

Yes… you can read and write using encryption

Question 16

Run single jobs that span multiple EC2 instances. Can run large scale, tightly coupled, HPC, app and distributed GPU model.

Answer 16

AWS Batch

Question 17

AWS Tool to display current service limits?

Answer 17

AWS Trusted Advisor

Question 18

Can you use CloudHSM to distribute encryption keys?

Answer 18

No. Used for mgt and storage not for distribution

Question 19

How can you Connect ec2 app in private subnet to API gateway and ensure no traffic goes over inet

Answer 19

Use an interface endpoint with private link. “Private API”

Question 20

Does aws allow pen testing?

Answer 20

Yes. For some resources without prior approval

Question 21

SCPs do not affect service linked role

Answer 21

True

Question 22

SCPs affect all users and roles in attached accounts including the root user?

Answer 22

True

Question 23

Can you attach identity based policies to resources

Answer 23

No

Question 24

AWS service that allows rules to filter web traffic based on conditions that include IP addy, http headers and body, custom urls, or location

Answer 24

AWS WAF

Question 25

AWS IOT Core

Answer 25

allows IOT devices to securely connect to cloud

Question 26

Do you need to enable rate based rules in shield?

Answer 26

No. It’s always on and running

Question 27

An ec2 instance is querying IP addresses used for crypto mining and it does not host any authorized app related to mining. What service can protect ec2 from such unauthorized use

Answer 27

GuardDuty

Question 28

AWS cost resource optimization

Answer 28

Reports ec2 instances that are idle or have low utilization

Question 29

AWS cloud optimization

Answer 29

Instance type recommendations