AWS Security And Compliance Flashcards
By default, Amazon S3 applies _____________ encryption to all new objects
Server-Side Encryption
You can also enforce encryption through _____ _______ , ensuring that all objects uploaded to the bucket are encrypted
Bucket Policies
a vulnerability management service that automatically discovers and scans your AWS workloads, such as Amazon EC2 instances, container images in Amazon ECR, and Lambda functions
Amazon Inspector
This identifies software vulnerabilities and unintended network exposure, providing detailed reports to help you prioritize and remediate issues
Amazon Inspector
A threat detection service that continuously monitors your AWS environment for malicious activity and unauthorized behavior.
Amazon GuardDuty
This uses machine learning, anomaly detection, and threat intelligence feeds to identify potential threats, such as compromised credentials, data exfiltration, and unauthorized crypto mining
Amazon GuardDuty
Helps you securely manage, retrieve, and rotate credentials, such as database passwords, API keys, etc.
AWS Secrets Manager
This supports automatic rotation of secrets to enhance security
AWS Secrets Manager
A security investigation service that automatically collects and analyzes log data from your AWS resources
Amazon Detective
Using machine learning, statistical analysis, and graph theory, it helps you quickly identify the root cause of security issues or suspicious activities
It also provides visualizations and interactive dashboards to streamline your security investigation
Amazon Detective
Service that helps you continually audit your AWS usage to simplify risk and compliance assessments
AWS Audit Manager
It automates evidence collection and provides prebuilt frameworks to map your AWS resources to compliance standards and regulations.
This makes it easier to build audit-ready reports and manage stakeholder reviews
AWS Audit Manager
Service that provides dedicated hardware security modules in the AWS Cloud
AWS Cloud HSM (Hardware Security Modules)
These modules are used to generate, store, and manage cryptographic keys, ensuring high security and compliance with regulatory standards and offers low-latency access and complete control over your cryptographic keys
AWS Cloud HSM (Hardware Security Modules)
Service that enables you to share AWS resources with other AWS accounts within your organization
AWS Resource Access Manager
It simplifies resource sharing by allowing you to create resource shares and grant access to other accounts, making it easier to collaborate and manage resources across multiple account
AWS Resource Access Manager
an identity management service that helps you authenticate and authorize users for your web and mobile applications.
Amazon Cognito
This provides user pools for managing user sign-up and sign-in, and identity pools for granting temporary access to AWS resources. It supports various authentication methods, including social identity providers like Google and Facebook.
Amazon Cognito
Security layer for your VPC (Virtual Private Cloud) that act as a firewall for controlling traffic in and out of one or more subnets.
Network Access Control Lists (NACLs)
They allow or deny inbound and outbound traffic based on rules you define, providing an additional layer of security beyond security groups and are stateless
Network Access Control Lists (NACLs)
Virtual firewalls that control the traffic to and from your AWS resources, such as EC2 instances.
Security Groups
They define inbound and outbound rules that specify which traffic is allowed or denied and are stateful
Security Groups
Type of organization policy in AWS Organizations that help you manage permissions across your accounts.
Service Control Policies (SCPs)
_________________ define the maximum available permissions for IAM users and roles, ensuring that your accounts adhere to your organization’s access control guidelines and act as guardrails, restricting the actions that users and roles can perform.
Service Control Policies (SCPs)
