Cloud DD: AWS Trusted Advisor Report (TAR) Flashcards
Two Tiers of Reporting
- Basic Support Reporting
- Business or Enterprise Support Reporting
Basic Support Reporting
This is for an individual creating something basic
Business or Enterprise Support Reporting
If you have a vendor that isn’t paying for this then you should get another vendor.
-They need to have the appropriate reporting that is offered.
-Not our problem if it’s too expensive.
-If you have a Prime account you can set up an AWS account on your own.
AWS TAR
Trusted Advisor Report
Always ask for the CSV version of the document.
Vendors will complain that this has proprietary information, but vendors can redact information in a CSV, so this is not a real concern.
Software Cloud DD
-Sandbox
-API
-Signatures
-Strings
-Input Validation
-Dynamic Testing
How to test software that is in the cloud
Sandbox
Isolated virtual machine where unsafe software code can be tested.
-Perfectly acceptable to ask for a sandbox so we can test it ourselves.
-Be transparent about what you’re going to be doing.
-Should be included in cost of goods sold.
Signatures
-Code signing
-Authenticates whether the software has been altered and comes from the source of record
AWS Trusted Advisor Report
Example CSV report
Start by looking at the amount of unhealthy, then applicable.
You would get a lot more errors in a test environment, but you don’t want to see these errors in a production environment.
-Make sure you’re seeing the area that you want to see.
On the exam, we may give an example of a finding from a report; if you’re not familiar with it, look at the answers. Eliminate the worst answer first.
When a vendor won’t share the report, ask: do you have access to the report, and do you manage them?
Validate that they’re doing this process themselves.
Then we know that we at least have that process.
Validate that they’re getting access to this information and doing this on their own.