Cloud Security Flashcards
What are the 2 types of access, and what is required by each in order to authenticate?
Program Access key ID/secret and Management console pswd and username
There are two types of access: Programmatic Access and Management Console Access. Programmatic Access requires Access Key ID and Secret Access Key for authentication. Management Console Access requires a username and password for authentication.
Cloud Security
“CLOUD SAFE” Cloud Security
Here’s how to associate each letter with a security aspect:
C - Control Access: “Control Access” involves managing and restricting access to AWS resources through Identity and Access Management (IAM) and other security mechanisms.
L - Logging and Monitoring: “Logging and Monitoring” emphasizes the importance of continuous monitoring and logging to detect and respond to security incidents effectively.
O - Object Storage Security: “Object Storage Security” reminds you to secure data stored in Amazon S3 or other object storage services, applying proper access controls and encryption.
U - Use Encryption: “Use Encryption” encourages the use of encryption for data both in transit and at rest, safeguarding information from unauthorized access.
D - Data Integrity: “Data Integrity” involves ensuring the integrity of data through measures like checksums, making sure data remains unchanged and reliable.
S - Secure Network Configurations: “Secure Network Configurations” stresses the importance of properly configuring Virtual Private Cloud (VPC) settings and network security groups to control traffic.
A - Apply Security Best Practices: “Apply Security Best Practices” reminds you to follow AWS security best practices, incorporating recommended configurations and settings.
F - Follow Compliance Standards: “Follow Compliance Standards” underscores the importance of adhering to regulatory compliance standards relevant to your industry and geography.
E - Evaluate Security Controls: “Evaluate Security Controls” prompts regular assessments and reviews of security controls to ensure they align with evolving security requirements.
CEPEASPIMIICIICII
CEPE ASP IMIICIICII
Cogently, Eloquently, Perspicaciously, Eruditely, Astutely, Sagaciously, Profoundly, Acutely, Incisively, Meticulously, Invariably, Ineffably, Conclusively, Incontrovertibly, Inherently, Inimitably, Ineffaceably, Inscrutably, Inexplicably, Inextricably
What is a key pair made up of?
PUBLIC AWS / PRIVATE OMAR
A key pair consists of a public key, which AWS stores, and a private key, which the user downloads and keeps secure.
What is MFA, and what are 3 ways to generate an MFA code?
HARDWARE AUTHENTICATOR SMS
MFA (Multi-Factor Authentication) adds an extra layer of security. MFA codes can be generated using a hardware token, a virtual MFA app (like Google Authenticator), or through SMS text messages.
What is the default authorization?
LEAST PRIVILEGE 0 PERMISSIONS
The default authorization is based on the principle of least privilege. Users start with no permissions and must be explicitly granted access as needed.
What does the principle of least privilege mean?
MINIMUM PERMISSION FOR TASK NO UA OR MISUSE
The principle of least privilege means granting individuals or systems the minimum levels of access or permissions required to perform their tasks, reducing the risk of unauthorized access or misuse.
What is the difference between IMPLICIT access or denial and EXPLICIT access or denial? BEH POLICY
IM DEFAULT BEHAVIOR EX POLICIES IM ALLOWS EX DENIES BP
IMPLICIT access or denial is based on default behaviors, while EXPLICIT access or denial is specifically defined through policies. IMPLICIT allows actions by default unless explicitly denied, and EXPLICIT denies actions by default unless explicitly allowed.
A security policy is written using which language?
JSON
A security policy is written using the JSON (JavaScript Object Notation) language.
What are the 2 types of policies? IR
IR UGR RESOURCE AWS RESOURCES
The two types of policies are Identity-based policies and Resource-based policies. Identity-based policies are attached to IAM users, groups, or roles, while Resource-based policies are attached to AWS resources.
If there is a conflict between a Deny statement (i.e., for a resource) and an Allow statement (i.e., for a user), which statement takes precedence?
DENY OVER ALLOW
In case of a conflict, the Deny statement takes precedence over the Allow statement.
An action can only take place with an _______ Allow permission; otherwise, the action is an _______ Deny.
EX ALLOW PERMISSION OR IM DENY
An explicit Allow permission; otherwise, the action is an implicit Deny.
How is an IAM group different from an IAM user?
USER UNIQUE CREDENTIALS AND COLLECTION OF USER WITH SIMILAR PERMISSIONS
An IAM user is an individual identity with unique credentials, while an IAM group is a collection of users with similar permissions.
Can a user belong to multiple groups?
Yes, a user can belong to multiple IAM groups.
Can a group be nested within another group?
NO NEST IN AWS
No, IAM groups cannot be nested within other groups.
Who gets access through IAM Roles and for how long?
USER OR ROLE TEMP.
Temporary credentials obtained through IAM roles are assumed by AWS resources or users, granting them access for a specified duration.
What is needed to log into the Root User account?
EMAIL AND PSWD
To log into the Root User account, you need the email address associated with the account and the corresponding password.