CPC Prep AWS Compliance Flashcards

1
Q

What enables you to understand the robust controls in place at AWS to maintain security and data protection in the cloud? These programs include: certifications/attestations; law, regulations, and privacy; & alignments/frameworks

A

AWS Compliance

2
Q

As systems are built on top of AWS Cloud infrastructure, who is responsible for compliance?

A

Shared responsibility

3
Q

Which AWS service is a central resource for compliance-related information that provides on-demand access to AWS security and compliance reports and select online agreements?

A

AWS Artifact

4
Q

Which AWS service provides on-demand access to Service Organization Control reports, Payment Card Industry reports, and certifications from accreditation bodies across the world that validate the implementation and operating effectiveness of AWS security controls?

A

AWS Artifact

5
Q

Which AWS Organizations feature defines the AWS service actions that are available for use and how you can limit the actions taken on an AWS account?

A

Service Control Policies (SCP)

6
Q

Which AWS Organizations feature enforces rules around tagging across accounts and OUs?

A

Tag Policies

7
Q

Which AWS service provides an automated security assessment service that helps improve the security and compliance of applications deployed on AWS?

A

Amazon Inspector

8
Q

Which AWS service automatically assesses applications for vulnerabilities or deviations from best practices and uses an agent installed on EC2 where the instances must be tagged?

A

Amazon Inspector

9
Q

Which AWS service protects against common exploits that could compromise application availability, compromise security, or consume excessive resources?

A

AWS Web Application Firewall (WAF)

10
Q

Which AWS service safeguards web applications running on AWS with always-on detection and automatic inline mitigations?

A

AWS Shield

11
Q

Which AWS service is a managed DDoS protection service that minimizes application downtime and latency and is integrated with Amazon CloudFront?

A

AWS Shield

12
Q

What are the two AWS Shield pricing tiers?

A
  1. Standard - free
  2. Advanced - visibility & reporting; incident management

13
Q

Which AWS service manages WAF and AWS Shield?

A

AWS Firewall Manager

14
Q

Which AWS service is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover, monitor, or help protect sensitive data on Amazon S3?

A

Amazon Macie

15
Q

Which AWS service enables security compliance and preventive security to identify a variety of data types including PII, PHI, HIPAA, regulatory documents, API keys, and secret keys?

A

Amazon Macie

16
Q

Which AWS service identifies changes to policy and access control lists; continuously monitors the security posture of Amazon S3; and generates security findings that can be viewed on the Macie console, AWS Security Hub, or Amazon EventBridge?

A

Amazon Macie

17
Q

Which AWS service offers threat detection that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads (threats to the account) and generates reports or triggers actions to remediate?

A

AWS GuardDuty

18
Q

Which AWS service continuously analyzes CloudTrail Logs, VPC Flow Logs, and DNS Logs to intelligently detect threats through machine learning?

A

Amazon GuardDuty

19
Q

When does Amazon S3 encrypt objects?

A

As it is written

20
Q

What type of data is protected by SSL/TLS while it is in flight?

A

Encryption in Transit

21
Q

Which AWS service provides centralized control over the encryption keys used to protect your data?

A

Key Management Service (KMS)

22
Q

Which AWS service can create, import, rotate, disable, delete, define usage policies, and audit the use of encryption keys used to encrypt your data?

A

Key Management Service (KMS)

23
Q

Which AWS service is integrated with most other AWS services, making it easy to encrypt the data stored on these services with customer-controlled encryption keys?

A

Key Management System (KMS)

24
Q

Which AWS service is a cloud-based hardware security module that enables you to easily generate and use your own encryption keys in the cloud?

A

AWS CloudHSM

25
Q

Which AWS service enables you to manage your own encryption keys using a FIPS 140-2 Level 3 validated HSM?

A

AWS CloudHSM

26
Q

Which AWS service is used for creating SSL/TLS certificates for encrypting data in transit?

A

AWS Certificate Manager (ACM)

27
Q

Which AWS service can secure multiple domain names, multiple domain names within a domain, create wildcard SSL certificates, and protect an unlimited number of subdomains?

A

AWS Secrets Manager

28
Q

Which AWS service enables you to meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments?

A

AWS Secrets Manager

29
Q

Which AWS service is built for Amazon RDS, Amazon Redshift, and Amazon DocumentDB and automatically rotates secrets periodically?

A

AWS Secrets Manager

30
Q

During penetration testing, what are the five prohibited activities?

A
  1. DNS zone walking
  2. DoS, DDoS, & simulated DoS or DDoS
  3. Port flooding
  4. Protocol flooding
  5. Request flooding
31
Q

What is the purpose of AWS-authorized customer penetration testing?

A

Testing the security of customer applications for vulnerabilities by simulating an attack

32
Q

What services does AWS authorize customers to conduct penetration testing on without permission?

A
  • Amazon EC2 instances, NAT Gateways, & Elastic Load Balancers
  • Amazon RDS and Amazon Aurora
  • Amazon CloudFront
  • Amazon API Gateways
  • AWS Lambda & Lambda Edge Functions
  • Amazon Lightsail
  • Amazon Elastic Beanstalk environments
33
Q

What actions should you take if your AWS account is compromised?

A
  1. Change AWS root account password
  2. Change all IAM user passwords
  3. Delete or rotate all programmatic (API) access keys
  4. Delete any resource in your account you did not create
  5. Respond to notifications you received from AWS through the AWS Support Center or contact AWS to open a support case
34
Q

Which AWS feature enables you to log in once and access multiple accounts?

A

AWS Single Sign-On

35
Q

What allows users of Active Directory or social identity providers to access AWS using IAM, for which Cognito is the recommended option?

A

Web Identity Federation

36
Q

What is a fully managed Active Directory running on Windows Server 2012 R2 that is used to host Microsoft AD or LDAP for Linux apps?

A

AWS Directory Service for Microsoft Active Directory

37
Q

Which AWS feature allows on-premises users to log into AWS services with their existing AD credentials, and is used for single sign-on for on-premises employees and for adding EC2 instances to the domain?

A

AD Connector

38
Q

What is a low-scale, low-cost AD implementation based on Samba that can be used for a simple user directory or if you need LDAP compatibility?

A

Simple AD

39
Q

Which service is used to notify customers of security and privacy events with AWS service vulnerabilities?

A

Security Bulletins

40
Q

Which AWS service is used when a customer suspects AWS resources are being used for abusive or illegal purposes, and can be notified through an online form or an AWS email box?

A

AWS Abuse Teams