AWS Security & Encryption: KMS, SSM Parameter Store, Cloud HSM, Shield & WAF Flashcards

1
Q

What is Encryption in flight (SSL)?

A
2
Q

What is Server side encryption at rest?

A
3
Q

What is Client side encryption?

A
4
Q

What is AWS KMS (Key Management Service)?

A
5
Q

What are the different KMS Key Types available?

A
6
Q

What are the different types of KMS Keys?

A
7
Q

How does automatic key rotation work in AWS KMS?

A
8
Q

How would you copy encrypted EBS snapshots across regions?

A
9
Q

What are KMS Key Policies?

A
10
Q

How are KMS Key Policies used in the process of copying encrypted snapshots across accounts?

A
11
Q

What are KMS Multi-Region Keys?

A
12
Q

Why would you use KMS Multi-Region Keys?

A
13
Q

How do DynamoDB Global Tables and KMS Multi-Region Keys Client-Side encryption work?

A
14
Q

How do Global Aurora and KMS Multi-Region Keys Client-Side encryption work?

A
15
Q

What are some S3 Replication Encryption Considerations?

A
16
Q

Should you use Multi-Region KMS Keys with S3 replication?

A

You can use multi-region AWS KMS Keys, but they are currently treated as independent keys by Amazon S3 (the object will still be decrypted and then encrypted).

17
Q

How do you share an AMI when the AMI is encrypted via a KMS key?

A
18
Q

How do you share an AMI across accounts?

A

You modify the Launch Permission in the origin account and add the specified target account.

19
Q

What is SSM Parameter Store?

20
Q

How does the SSM Parameter Store Hierarchy work?

21
Q

What are the two tiers in the SSM Parameter Store?

22
Q

What are Parameters Policies (for advanced parameters) in SSM Parameter Store?

23
Q

What does SSM in SSM Parameter Store stand for?

A

Simple Systems Manager Parameter Store

24
Q

What is AWS Secrets Manager?

25
Q

What are Multi-Region Secrets in AWS Secrets Manager?

26
Q

What is the AWS Certificate Manager (ACM)?

27
Q

What is the process to request public certificates in AWS Certificate Manager (ACM)?

28
Q

How do you import certificates into AWS Certificate Manager (ACM)?

29
Q

How does AWS Certificate Manager (ACM) integrate with Application Load Balancer (ALB)?

30
Q

What are the different Endpoint Types in the API Gateway?

31
Q

How do you integrate AWS Certificate Manager (ACM) with API Gateway?

32
Q

What is AWS WAF – Web Application Firewall?

33
Q

Can an AWS WAF be deployed on a Network Load Balancer?

A

No, only Application Load Balancers.

34
Q

How to set up security on an AWS WAF?

35
Q

What if you want to get a fixed IP while using WAF with a Load Balancer?

36
Q

What is AWS Shield?

37
Q

What is AWS Firewall Manager?

38
Q

What is the difference between WAF vs. Firewall Manager vs. Shield?

39
Q

What are AWS Best Practices for DDoS Resiliency?

40
Q

What are the AWS Best Practices for DDoS Resiliency?

41
Q

AWS Best Practices for DDoS Resiliency?

42
Q

AWS Best Practices for DDoS Resiliency?

43
Q

What is Amazon GuardDuty?

44
Q

What is the architecture of Amazon GuardDuty?

45
Q

What is Amazon Inspector?

46
Q

What does Amazon Inspector evaluate?

47
Q

What is Amazon Macie?

A

Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.