AWS Security & Encryption: KMS, SSM Parameter Store, Cloud HSM, Shield & WAF

Question 1

What is Encryption in flight (SSL)?

Answer 1

Question 2

What is Server side encryption at rest?

Answer 2

Question 3

What is Client side encryption?

Answer 3

Question 4

What is AWS KMS (Key Management Service)?

Answer 4

Question 5

What are the different types of KMS Keys Types available?

Answer 5

Question 6

What are the different types of KMS Keys?

Answer 6

Question 7

How does automation key rotation work in AWS KMS?

Answer 7

Question 8

How would you copy encrypted EBS snapshots across regions?

Answer 8

Question 9

What are KMS Key Policies?

Answer 9

Question 10

How are KMS Key Policies used in the process of copying encrypted snapshots across accounts?

Answer 10

Question 11

What are KMS Multi-Region Keys?

Answer 11

Question 12

Why would you use KMS Multi-Region Keys?

Answer 12

Question 13

How does DynamoDB Global Tables and KMS MultiRegion Keys Client-Side encryption work?

Answer 13

Question 14

How does Global Aurora and KMS Multi-Region Keys Client-Side encryption work?

Answer 14

Question 15

What are some S3 Replication
Encryption Considerations?

Answer 15

Question 16

Should you use Multi-Region KMS Keys with S3 replication?

Answer 16

You can use multi-region AWS KMS Keys, but they are currently treated as independent keys by Amazon S3 (the object will still be decrypted and then encrypted).

Question 17

How do you share an AMI when the AMI is encrypted via a KMS key?

Answer 17

Question 18

How do you share an AMI across accounts?

Answer 18

You modify the Launch Permission in the origin account and add the specified target account

Question 19

What is SSM Parameter Store?

Answer 19

Question 20

How does the SSM Parameter Store Hierarchy work?

Answer 20

Question 21

What are the two tiers in the SSM Parameter Store?

Answer 21

Question 22

What are Parameters Policies (for advanced parameters) in SSM Parameter Store?

Answer 22

Question 23

What does SSM of SSM Parameter Store stand for?

Answer 23

Simple Systems Manager Parameter Store

Question 24

What is AWS Secrets Manager?

Answer 24

Question 25

What are Multi-Region Secrets in AWS Secrets Manager?

Answer 25

Question 26

What is the AWS Certificate Manager (ACM)?

Answer 26

Question 27

What is the process to request public certificates in AWS Certificate Manager (ACM)?

Answer 27

Question 28

How do you import certificates into AWS Certificate Manager (ACM)?

Answer 28

Question 29

How does AWS Certificate Manager (ACM) integrate with Application Load Balancer (ALB)?

Answer 29

Question 30

What are the different Endpoint Types in the API Gateway?

Answer 30

Question 31

How do you integrate AWS Certificate Manager (ACM) with API Gateway?

Answer 31

Question 32

What is AWS WAF – Web Application Firewall?

Answer 32

Question 33

Can an AWS WAF be deployed on a Network Load Balancer?

Answer 33

No, only Application Load Balancers

Question 34

How to set up security on an AWS WAF?

Answer 34

Question 35

What if you want to get a fixed IP while using WAF with a Load Balancer?

Answer 35

Question 36

What is AWS Shield?

Answer 36

Question 37

What is AWS Firewall Manager?

Answer 37

Question 38

What is the difference between WAF vs. Firewall Manager vs. Shield?

Answer 38

Question 39

What are AWS Best Practices for DDoS Resiliency?

Answer 39

Question 40

What are the AWS Best Practices for DDoS Resiliency?

Answer 40

Question 41

AWS Best Practices for DDoS Resiliency?

Answer 41

Question 42

AWS Best Practices for DDoS Resiliency?

Answer 42

Question 43

What is Amazon GuardDuty?

Answer 43

Question 44

What is the architecture of Amazon GuardDuty?

Answer 44

Question 45

What is Amazon Inspector?

Answer 45

Question 46

What does Amazon Inspector evaluate?

Answer 46

Question 47

What is Amazon Macie?

Answer 47

Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.