Cloud Security

Question 1

AWS Shared Responsibility Model

Answer 1

Customer: Responsibility for security ‘in’ the cloud
AWS: Responsibility for security ‘of’ the cloud

Question 2

Shared controls

Answer 2

controls which apply to both AWS and customer but in completely separate context or perspectives

patch management:

• AWS: patching infrastructure
• Customer: patching guest OS and applications

configuration management:

• AWS: maintains the configuration of its infrastructure devices
• Customer: configure their own guest OS, databases and applications

awareness and training:

• AWS: trains AWS employees
• Customer: trains their own employees

Question 3

Identity and Access Management (IAM)

Answer 3

helps you securely control access to AWS services and resources for your users and applications

Question 4

IAM User

Answer 4

person or application that can authenticate with an AWS account

Question 5

IAM Group

Answer 5

A collection of IAM users that are granted identical authorization

Question 6

IAM Policy

Answer 6

the document that defines which resources can be accessed and the level or access to each resource

Question 7

IAM Role

Answer 7

A set of permissions that define what actions a user, service, or entity can perform within AWS services

• temporary credentials

Question 8

Key Management Services (KMS)

Answer 8

Enables you to create and manage encryption keys

Question 9

CloudHSM (Hardware Security Module)

Answer 9

Web service that helps you meet corporate, contractual and regulatory compliance requirements for data security by using hardware security module (HSM) appliances within the AWS Cloud

• HSM: physical device that safeguards and manages cryptographic keys and performs cryptographic operations in a highly secure manner

Question 10

IAM Access Analyzer

Answer 10

Helps to streamline permissions management throughout the continuous cycle of access management to achieve least privilege