Compliance and Governance

Question 1

Q: What is the AWS Shared Responsibility Model?

Answer 1

A: AWS is responsible for the security of the cloud (infrastructure), and customers are responsible for security in the cloud (data, configurations, etc.).

Question 2

Q: What is AWS Artifact?

Answer 2

A: A service that provides access to AWS compliance reports, certifications, and agreements (e.g., SOC 1/2/3, ISO 27001, PCI DSS).

Question 3

Q: What compliance programs does AWS support?

Answer 3

A: Examples include GDPR, HIPAA, PCI DSS, ISO 27001, SOC 1/2/3, and FedRAMP.

Question 4

Q: What is AWS Organizations?

Answer 4

A: A service that centrally manages multiple AWS accounts, consolidates billing, and enforces governance using Service Control Policies (SCPs).

Question 5

Q: What are SCPs in AWS Organizations?

Answer 5

A: Policies that define permissions and govern access across accounts within an organization.

Question 6

Q: What is AWS Config?

Answer 6

A: A service that tracks and evaluates configurations of AWS resources for compliance and governance.

Question 7

Q: What are AWS Config rules?

Answer 7

A: Custom or AWS-managed rules to evaluate resource configurations for compliance with organizational policies.

Question 8

Q: What is AWS CloudTrail?

Answer 8

A: A service that records API calls, CLI commands, and actions taken in the AWS Management Console for auditing and compliance.

Question 9

Q: Name some AWS compliance certifications.

Answer 9

A: ISO 27001, SOC 1/2/3, PCI DSS, HIPAA, GDPR, and FedRAMP.

Question 10

Q: What is AWS Security Hub?

Answer 10

A: A service that aggregates and monitors security findings from various AWS services to ensure compliance with best practices.

Question 11

Q: How does AWS address data residency requirements?

Answer 11

A: By allowing customers to store data in specific regions and use services like S3 and DynamoDB with strict regional control.

Question 12

Q: What does the Governance Pillar of the AWS Well-Architected Framework emphasize?

Answer 12

A: Best practices for identity management, access control, compliance monitoring, and risk mitigation.

Question 13

Q: What is AWS Control Tower?

Answer 13

A: A service that automates the setup of a secure, multi-account AWS environment using best practices and governance controls.

Question 14

Q: What are some governance best practices in AWS?

Answer 14

A: Use IAM roles, enforce SCPs, enable CloudTrail, define tagging standards, and monitor resources with AWS Config.

Question 15

Q: How does AWS support GDPR compliance?

Answer 15

A: AWS provides data residency controls, encryption options, and tools for access logging and auditing.

Question 16

Q: What is AWS Trusted Advisor?

Answer 16

A: A tool that provides recommendations for improving security, performance, cost efficiency, and fault tolerance in AWS.

Question 17

Q: How does AWS ensure data encryption compliance?

Answer 17

A: By offering encryption at rest (e.g., S3, RDS, DynamoDB) and in transit (e.g., SSL/TLS), managed via AWS KMS.

Question 18

Q: What AWS services support audit logging for compliance?

Answer 18

A: AWS CloudTrail, VPC Flow Logs, and S3 Access Logs.

Question 19

Q: What is AWS IAM Access Analyzer?

Answer 19

A: A tool that identifies resources accessible from outside your AWS account and provides recommendations to tighten access.

Question 20

Q: What is the AWS Compliance Center?

Answer 20

A: An online resource hub for learning about AWS compliance programs, best practices, and customer responsibilities.

Question 21

Q: What is the AWS Policy Generator?

Answer 21

A: A tool to create custom IAM policies, bucket policies, and SQS/SNS policies for controlling access to AWS resources.

Question 22

Q: What is ISO 27001, and how does AWS comply with it?

Answer 22

A: ISO 27001 is an international standard for information security. AWS achieves compliance through strong security controls and audits.

Question 23

Q: What are AWS Config Aggregators?

Answer 23

A: Tools that combine configuration data from multiple accounts or regions into a single view for compliance monitoring.

Question 24

Q: What is AWS Backup Audit Manager?

Answer 24

A: A tool to track and validate backup activity to ensure compliance with organizational and regulatory requirements.

Question 25

Q: How does tagging help with governance?

Answer 25

A: By assigning metadata to resources, enabling cost tracking, compliance enforcement, and resource organization.

Question 26

Q: How do Cost Allocation Reports support governance?

Answer 26

A: They provide detailed cost breakdowns by tags, accounts, or services for better financial management and compliance.

Question 27

Q: Which AWS services provide compliance reporting?

Answer 27

A: AWS Artifact and Security Hub.

Question 28

Q: How do you monitor compliance in AWS?

Answer 28

A: Using AWS Config, Security Hub, CloudTrail, and GuardDuty to track resource usage, configuration, and activity.

Question 29

Q: What is an AWS Landing Zone?

Answer 29

A: A solution to set up a secure, multi-account AWS environment with governance controls, SCPs, and security baselines.

Question 30

Q: What are preventative controls in AWS governance?

Answer 30

A: Policies and configurations like SCPs, IAM policies, and encryption that prevent non-compliant actions.

Question 31

Q: What are detective controls in AWS governance?

Answer 31

A: Tools like AWS Config and CloudTrail that identify and report non-compliant activities after they occur.

Question 32

Q: What are AWS Quick Starts for compliance?

Answer 32

A: Pre-built templates to deploy secure and compliant AWS environments quickly.

Question 33

Q: How does AWS help achieve HIPAA compliance?

Answer 33

A: By offering the AWS Business Associate Addendum (BAA) and services that support PHI encryption, logging, and auditing.

Question 34

Q: What are SOC reports?

Answer 34

A: Service Organization Control (SOC) reports provide assurance about AWS’s security controls (SOC 1, SOC 2, SOC 3).

Question 35

Q: What is FedRAMP compliance in AWS?

Answer 35

A: A U.S. government program ensuring secure cloud services, with AWS offering FedRAMP Moderate and High certifications.