Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AWS Cloud Practitioner > Cloud Security > Flashcards

Cloud Security Flashcards

1
Q

What is the AWS Abuse team?

A

Team to be contacted when AWS resources are being used for abusive behaviour.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the AWS Security team?

A

AWS team responsible for security of services offered by AWS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

IAM Group vs Security Group

A

IAM Group is a group of users with similar permissions.

Security Group is established on EC2 instance to control network traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a NACL or ACL?

A

Network Access Control List – optional layer of security for VPC that acts as a firewall on subnet level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are Route Tables?

A

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What do Security Groups do?

A

Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the AWS Shared Responsibility Model?

A

A security model that defines what you (as an AWS account holder/user) and Amazon Web Services are responsible for when it comes to security and compliance.

AWS is responsible for security of the cloud, you are responsible for security in the cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What aspects of Security and Compliance is AWS responsible for in the Shared Responsibility Model?

A

Components from the host operating system and the virtualization layer down to the physical security of the facilities in which the service operates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What aspects of Security and Compliance are you responsible for in the Shared Responsibility Model?

A

Guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS provided security group firewall.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How would the Shared Responsibility Model apply to an EC2 instance?

A

AWS is responsible for:
1. The setup and maintenance of the physical hardware located at each AWS data centre
2. The physical security of the data centres
(locks, keys, security guards, etc.)
3. The setup and maintenance of the host virtualization software

You are responsible for:

  1. Network level security (Security groups & NACL’s)
  2. OS patches and updates
  3. IAM user access management
  4. Client and Server side data encryption
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the AWS services with built-in DDOS attack protection/mitigation?

A
  1. Cloudfront
  2. Route 53
  3. WAF (Web Application Firewall)
  4. Elastic Load Balancing
  5. Security groups & VPC’s
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What services are customers allowed to carry out security assessments/pen tests on with no prior approval required?

A
  1. Amazon EC2 instances, NAT gateways, and ELB’s
  2. RDS
  3. Cloudfront
  4. Aurora
  5. API gateways
  6. Lambda & Lambda edge functions
  7. Lightsail resources
  8. Elastic Beanstalk environments
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the currently prohibited security activities?

A
  1. DNS Zone walking via Route 53 hosted zones
  2. DOS, DDOS, simulated DOS, simulated DDOS
  3. Port flooding
  4. Protocol flooding
  5. Request flooding
    (login request flooding, API request flooding)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the AWS Assurance/Compliance 3 Major Categories?

A

Certifications/Attestations

Laws, Regulations, and Privacy

Alignments/Frameworks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the major AWS Compliance Certifications to be aware of?

A

ISO 27001

PCI DSS Level 1

SOC 1

SOC 2

SOC 3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A _____ _____ is a check to see if your AWS infrastructure meets a given compliance standard.

(I.e. - even though AWS itself might,
your infrastructure or application may not)

17
Q

What is WAF?

A

Web Application Firewall

Protects from common web exploits that could

affect availability

compromise security

consume excessive resources

18
Q

What is the difference between using
Elastic Load Balancers with security groups as security
vs
using a WAF?

A

ELB/Security Groups secure protocols and ports (Layer 4)

WAF - Can actually read the data being sent (Layer 7)

19
Q

What is AWS Shield?

A

Managed DDoS protection

safeguards web apps

always-on detection

enacts inline mitigations

20
Q

What are the two tiers of AWS Shield?

A

Standard - free and comes by default

Advanced $3K/month

21
Q

What is AWS Inspector?

A

Automated Security Assessment

Audits for vulnerabilities or deviation from best practices

Produces a lined report ordered by criticality

Installed on your EC2 instances

22
Q

What is AWS Trusted Advisor?

A

Optimization guidance for your environment for

cost optimization

performance

security

fault tolerance

23
Q

What are the two levels of AWS Trusted Advisor?

A

Core Checks and Recommendations (free)

Full Trusted Advisor - Business and Enterprise only

AWS Cloud Practitioner (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions