AWS Security Responsibility

Question 1

Who is responsible for security in AWS

Answer 1

Both customers and AWS are responsible for security in AWS

Question 2

What is AWS responsibility in Security?

Answer 2

1. Physical (Regions, avail zones, edge locations, (Hardware AWS Cloud Infrastructure))
2. N/w (Compute, storage, DB, n/wking)
3. Hypervisor (and softwared)

Question 3

What is customers responsibility in AWS

Answer 3

1. OS (client side, server side encry, n/w traffiking, OS, n/w firewall)
2. Application (platform, appli, identity & access mgmt)
3. Data (Clients data)

Question 4

Good definition of AWS Security

Answer 4

AWS responsible for “Security of the cloud”
We responsible for “Security in the Cloud”

Question 5

what is the service that enables you to manage AWS services and resources securely?

Answer 5

AWS Identity and Access Management

Question 6

what does IAM provides

Answer 6

IAM provides the felexibility to configure access based on company’s operational and security needs

Question 7

what are the combinations of IAM features

Answer 7

1. IAM Users, Groups and Roles
2. IAM Policies
3. Multi factor Authentication

Question 8

Who is the owner of AWS Account

Answer 8

AWS Account Root User (Root User) - Its created using the account that is used for loggin in AWS accont and password

Question 9

What permissions does the Root User have

Answer 9

Complete access to all resources and services

Question 10

What is the user created in AWS

Answer 10

IAM User. It is an identity given to user to access AWS resources and services

Question 11

What is the default behaviour of IAM User account

Answer 11

By default, IAM user have no access to any resources or services. It nees explicit configuration to access a resources

Question 12

What is IAM Policies

Answer 12

IAM policies is a document that allows or denies permissions to AWS resources

Question 13

What is IAM Policies used for

Answer 13

To customizes users access to resources or services. Eg.., you allow user to access specific buckets or all buckets

Question 14

What is the best practice in IAM policies

Answer 14

To follow “Least Previleges” for giving access. means, give only the permissions to access resources needed not the all resources

Question 15

IAM Groups

Answer 15

“Collection of IAM Users”. We can configure IAM Groups an Configure with permissions to access.

Question 16

What is IAM roles

Answer 16

IAM roles is an identity that you can assume to gain temporary access to the permissions

Question 17

What is IAM Roles important thing to remember?

Answer 17

Before an IAM User, serviceor application assume an IAM role, he has to abandon the previous role and assume /start the new role

Question 17

Best Practices to Use IAM role?

Answer 17

To grant permissions temporarily instead of long term

Question 18

What is AWS Organizations

Answer 18

Suppose you have multiple AWS Accounts, we can comtrol and manage multiple AWS accounts from single location called AWS Organization

Question 19

How can we centrally control permissions for the accounts in AWS Organization?

Answer 19

“Service Control Policies”

Question 20

What is Organizational Units

Answer 20

In AWS Organizations, we can group accounts to “Organizational Units” to easily manage accounts with similar business or security commitments

Question 21

Why its mandatory for your application to maintains standards

Answer 21

Depending on the company’s industry/location, we may have to uphold standard. An Audit/Inspection will make sure that the standards are followed

Question 22

What service AWS provides to maintain standars and reports

Answer 22

AWS Artifacts

Question 23

What does AWS Artifact provides

Answer 23

On Demand Access to AWS security and compliance reports and select online Agreement

Question 24

What are two main sections of AWS Artifacts

Answer 24

1. AWS Artifacts Agreements
2. AWS Artifact Reports

Question 25

What is AWS Agreements

Answer 25

Suppose that you need to sign agreement with AWS for using certain part of your data throughout the service. We can do this through AWS agrrements.
We can review, accept and manage agreements for individual accounts or group of accounts in AWS Organizations

Question 26

What is AWS Reports

Answer 26

Suppose that a developer is creating an application and need tio understand his responsibility in complying with the regulatory standards. He can be advised to access AWS reports

Question 27

Customer Compliance Center

Answer 27

The Customer Compliance Center(opens in a new tab) contains resources to help you learn more about AWS compliance.

In the Customer Compliance Center, you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges.

Question 28

Wat is DDoS

Answer 28

Distributes Denial of Service Attack

Question 29

How AWS protects against DDoS

Answer 29

AWS Shield

Question 30

AWS Shield Standard

Answer 30

Freee AWS Shield. It protects AWS services from Common, frequent attacks.WS Shield Standard uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it.

Question 31

AWS Shield Advanced

Answer 31

A Paid service that provides details attack diagonostics and mitigate sophisticated DDos Attacks.
It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks.

Question 32

What is very important in storing and transmitting data

Answer 32

Data protection. “Encryption at Rest” and “Encryption in Transit”

Question 33

How does encyption is performed

Answer 33

Encryption in “AWS Key Management Service” through “Cryptographic keys”

Question 34

What is Cryptographic key

Answer 34

Random string of digits used for encrypting or decrypting the data. We can use AWS KMS to create, manage and use cryptographic keys

Question 35

What is the monitor that helps to monitor web service request to ur Service

Answer 35

AWS WAF (AWS Web Application Firewall)

Question 36

What is Amazon Inspector

Answer 36

Helps to improve Amazons security and compliance of application by running automated security assessments