AWS Security - Pluralisight

Question 1

Name 3 core concepts of Security

Answer 1

1. Acceptable Use
2. Shared Responsibility Model
3. Identity Management

Question 2

Shared Responsibility Model

Answer 2

AWS is responsible for the security of the cloud

Customer is responsible for security in the cloud

Question 3

AWS Responsibility Details

Answer 3

x access control
x training for their employees
x global datacenters and the underlying network
x Global AWS Infrastructure
x those different availability zones and those regions and making sure that all of the connectivity exists between those
x hardware for global infrastructure
x replacing servers and switches and all the other bits of networking gear that they have
x configuration management for the infrastructure
x determining how bits of data get from one location to another
x patching of the cloud infrastructure and services
the core servers, the bare metal servers that are actually running some of your virtual servers or the servers that are running many of the services you use on AWS
x patching those bits of cloud infrastructure

Question 4

.

Answer 4

.

Question 5

Customer Responsibility

Answer 5

1. Individual access to cloud resources and training
2. Data security and encryption (in transit and at rest)
3. Operating system, network, and firewall configuration
4. All the code deployed onto the cloud infrastructure
5. Guest OS and custom applications

Question 6

AWS Well Architected Framework - what is it and what are the 5 pillars?

Answer 6

Collection of Best Practices across 5 pillars

1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimizations

Question 7

Where to learn more about the WAF?

Answer 7

microsite - aws.amazon.com/architecture/well-architected

Question 8

Reliabilty features - what are the two sides of this? Best attitude?

Answer 8

1. High availabilty
2. Fault tolerance
   Attitude - Assume everything fails all the time

Question 9

Explain Fault Tolerance

Answer 9

Able to support the failure of components within your architecture

Question 10

Explain High Avaiability

Answer 10

Keeping your entire system up and running in the expected manner despite issues that may occur

Question 11

Building systems - S3 and EC2

Answer 11

1. S3 - High availability out of the box - diff availability zones
2. EC2 - fault tolerance must be architected
3. Use multiple availability zones

Question 12

Fault Tolerance - 2 examples

Answer 12

Simple Queue Service

Route 53

Question 13

Compliance Standards

Answer 13

PCI DSS - credit card processing
HIPPA - healthcare
SOC1, SOC2, SOC3 - data center compliance
FEDRAMP - us govt re datacenters
ISO27018 - standard for handling PII

Question 14

Compliance Services

Answer 14

AWS Config - conformance packs for standards
AWS Artifact - Self service access to reports
Amazon GuardDuty - intelligent threat detection

Question 15

Explain Least Privilege Access

Answer 15

grant the minimum permissions to complete their task

Question 16

What is AWS IAM

Answer 16

AWS IAM - identity and access management -service that controls access to AWS resources

Question 17

Details about IAM - name 3 capabilities

Answer 17

Authentication
Authorization
Identity federation through SAML - using external identity management

Question 18

Main AWS Identities - name the 3 main types

Answer 18

User
Group - cluster users into a group
Role - user or AWS service to assume permissions for a task

Question 19

What is a policy in AWS IAM? Who manages it?

Answer 19

1. A json document that defines permissions for an AWS IAM identity/principal
   - what services the identity can access and the tasks it can do
2. Customer managed or managed by AWS

Question 20

AWS IAM Best Practices - examples

Answer 20

Multifactor Authentication

Least Privilege Access

Question 21

What is Amazon Cognito? What are four capabilities?

Answer 21

User directory service for your custom applications

1. Out of the box UI controls for various devices
2. Security capabilities to control access
3. Controlled access to AWS resources
4. Works with social and enterprise identity providers

Question 22

On premise data integration - 2 solutions

Answer 22

1. AWS Storage Gateway - hybrid of your & AWS

2. AWS DataSync - Transfer data (not Snowball)

Question 23

AWS Storage Gateway - 3 gateways

Answer 23

1. Tape gateway
2. Volume gateway
3. File gateway

Question 24

AWS Storage Gateway - 2 aspects

Answer 24

1. VM or specific hardware device

2. Integrates with EBS and S3

Question 25

AWS DataSync - 3 aspects

Answer 25

1. Integrates with S3, EFS, and FSx
2. High speed transfers
3. Charged per gb of transfer

Question 26

What is AWS Glue?

Answer 26

ETL processing for these transfers. Supports RDS, DynamoDB, Redshift, and S3. Supports serverless approach.

Question 27

What is Amazon EMR?

Answer 27

Elastic Map Reduce - Big data processing on S3 and EC2.

Question 28

What is AWS Data Pipeline?

Answer 28

Data workflow orchestration across AWS Services

Question 29

Name 6 Services supported by Amazon EMR.

Answer 29

Apache Spark
Apache Flink
Apache Hive
Apache Hudi
Apache HBase
Presto.

Question 30

What is Amazon Athena

Answer 30

Tool for searching S3

Question 31

Name 3 Data analysis tools

Answer 31

1. Athena - Searches on S3 content

Question 32

Name 3 Data analysis tools

Answer 32

1. Athena - Searches on S3 content
2. Quicksight - BI - create Dashboards
3. CloudSearch - Search for custom applications

Question 33

Name 3 AI Learning Services

Answer 33

1. Rekognition - Vision service from machine learning
2. Translate - Text translation from machine learning
3. Transcribe - Speach to text from machine learning

Question 34

Named 4 Infrastructure Scenarios

Answer 34

1. Backup and Restore
2. Pilot light
3. Warm Standby
4. Multi Site
   Top to Bottom Cost and Complexity increasing
   Top to Bottom Recovery Time decreasing

Question 35

Two factors for Disaster Recovery

Answer 35

1. Recovery Point Objective

2. Recovery Time Objective

Question 36

EC2 Scaling - 2 approaches

Answer 36

1. Vertical scaling - Bigger server instances

2. Horizontal scaling - More server instances

Question 37

Name 3 specific Security Services available

Answer 37

1. AWS Shield - protection against DDOS attacks
2. AWS Macie - machine learning to protect PII and intellectual property on S3 - has dashboards and alerts.
   3.

Question 38

Name 3 specific Security Services available

Answer 38

1. AWS Shield - protection against DDOS attacks
2. AWS Macie - machine learning to protect PII and intellectual property on S3 - has dashboards and alerts.
3. Amazon Inspector - scans EC2 - charged per instance per assessment run.

Question 39

Two types of Rules packages for Amazon Inspector

Answer 39

1. Network Reachability Assessment

2. Host Assessment - patches and checks for config errors.

Question 40

Named 2 types of Predefined Service Deployments

Answer 40

1. AWS Service Catalog - in-house

2. AWS Marketplace - 3rd party services

Question 41

Name 3 Developer Tools

Answer 41

1. AWS CodeCommit
2. AWS CodeBuild
3. AWS CodeDeploy
4. AWS CodePipeline
5. AWS CodeStar