AWS Security And Compliance

Question 1

By default, Amazon S3 applies _____________ encryption to all new objects

Answer 1

Server-Side Encryption

Question 2

You can also enforce encryption through _____ _______ , ensuring that all objects uploaded to the bucket are encrypted

Answer 2

Bucket Policies

Question 3

a vulnerability management service that automatically discovers and scans your AWS workloads, such as Amazon EC2 instances, container images in Amazon ECR, and Lambda functions

Answer 3

Amazon Inspector

Question 4

This identifies software vulnerabilities and unintended network exposure, providing detailed reports to help you prioritize and remediate issues

Answer 4

Amazon Inspector

Question 5

A threat detection service that continuously monitors your AWS environment for malicious activity and unauthorized behavior.

Answer 5

Amazon GuardDuty

Question 6

This uses machine learning, anomaly detection, and threat intelligence feeds to identify potential threats, such as compromised credentials, data exfiltration, and unauthorized crypto mining

Answer 6

Amazon GuardDuty

Question 7

Helps you securely manage, retrieve, and rotate credentials, such as database passwords, API keys, etc.

Answer 7

AWS Secrets Manager

Question 8

This supports automatic rotation of secrets to enhance security

Answer 8

AWS Secrets Manager

Question 9

A security investigation service that automatically collects and analyzes log data from your AWS resources

Answer 9

Amazon Detective

Question 10

Using machine learning, statistical analysis, and graph theory, it helps you quickly identify the root cause of security issues or suspicious activities
It also provides visualizations and interactive dashboards to streamline your security investigation

Answer 10

Amazon Detective

Question 11

Service that helps you continually audit your AWS usage to simplify risk and compliance assessments

Answer 11

AWS Audit Manager

Question 12

It automates evidence collection and provides prebuilt frameworks to map your AWS resources to compliance standards and regulations.

This makes it easier to build audit-ready reports and manage stakeholder reviews

Answer 12

AWS Audit Manager

Question 13

Service that provides dedicated hardware security modules in the AWS Cloud

Answer 13

AWS Cloud HSM (Hardware Security Modules)

Question 14

These modules are used to generate, store, and manage cryptographic keys, ensuring high security and compliance with regulatory standards and offers low-latency access and complete control over your cryptographic keys

Answer 14

AWS Cloud HSM (Hardware Security Modules)

Question 15

Service that enables you to share AWS resources with other AWS accounts within your organization

Answer 15

AWS Resource Access Manager

Question 16

It simplifies resource sharing by allowing you to create resource shares and grant access to other accounts, making it easier to collaborate and manage resources across multiple account

Answer 16

AWS Resource Access Manager

Question 17

an identity management service that helps you authenticate and authorize users for your web and mobile applications.

Answer 17

Amazon Cognito

Question 18

This provides user pools for managing user sign-up and sign-in, and identity pools for granting temporary access to AWS resources. It supports various authentication methods, including social identity providers like Google and Facebook.

Answer 18

Amazon Cognito

Question 19

Security layer for your VPC (Virtual Private Cloud) that act as a firewall for controlling traffic in and out of one or more subnets.

Answer 19

Network Access Control Lists (NACLs)

Question 20

They allow or deny inbound and outbound traffic based on rules you define, providing an additional layer of security beyond security groups and are stateless

Answer 20

Network Access Control Lists (NACLs)

Question 21

Virtual firewalls that control the traffic to and from your AWS resources, such as EC2 instances.

Answer 21

Security Groups

Question 22

They define inbound and outbound rules that specify which traffic is allowed or denied and are stateful

Answer 22

Security Groups

Question 23

Type of organization policy in AWS Organizations that help you manage permissions across your accounts.

Answer 23

Service Control Policies (SCPs)

Question 24

_________________ define the maximum available permissions for IAM users and roles, ensuring that your accounts adhere to your organization’s access control guidelines and act as guardrails, restricting the actions that users and roles can perform.

Answer 24

Service Control Policies (SCPs)

Question 25

Service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides a detailed view of the configuration of AWS resources in your account, including how they are related to one another and how they were configured in the past.

Answer 25

AWS Config

Question 26

Service that allows you to view, investigate and resolve operational issue in your AWS resources

Answer 26

AWS Systems Manager

Question 27

Service that provides recommendations to help you optimize your AWS environment via is 5 core features.
It evaluates your AWS infrastructure and offers advice on how to reduce costs, improve performance, enhance security, and ensure best practices

Answer 27

AWS Trusted Advisor

Question 28

Feature of Trusted Advisor that identifies unused or underutilized resources to help you save money

Answer 28

Cost Optimization

Question 29

Feature of Trusted Advisor that offers recommendations to improve the speed and responsiveness of your applications

Answer 29

Performance

Question 30

Feature of Trusted Advisor that provides guidance on how to secure your AWS environment and close any security gaps

Answer 30

Security

Question 31

Feature of Trusted Advisor that ensures your infrastructure is resilient and can handle failures gracefully

Answer 31

Fault Tolerance

Question 32

Feature of Trusted Advisor that alerts you when you’re approaching or exceeding thresholds

Answer 32

Service Limits