Deck 3

Question 1

Compliance of AWS

Answer 1

PCI DSS Level l (QSA Audit Still Required)
ISO 9001
ISo 27001
SOC 1,2,3
FISMA/DIACAP and FEDRAMP

Question 2

Industry specific standards

Answer 2

HIPAA
Cloud Security Alliance (CSA)
Motion Picture Association of America (MPAA)

Question 3

Areas of AWS you are responsible for

Answer 3

EC2 patching
VPC setup
S3
Account management 
Users access

Question 4

What is used to monitor API access

Answer 4

CloudTrail is recommended to be enabled

Question 5

How storage decommissioned at Amazon

Answer 5

• DoD 5220.22-M or NIST 800-88 Guidelines

- All storage devices are wiped and physically destroyed

Question 6

Network security components

Answer 6

HTTPS using SSL/TLS
VPC
IpSec VPN

Question 7

Is the Amazon Corporate network segregated from the corporate network

Answer 7

Yes

Question 8

Network monitoring provided by Amazon

Answer 8

DDos blocks
Man in the middle
IP Spoofing
Port Scanning
Sniffing

Question 9

AWS password requirements

Answer 9

6 characters minimum, up to 128.

You can also require mixed case, numbers and special characters

Question 10

Keypair security

Answer 10

Required by EC2 instances - 2048-bit SSH-2 RSA keys

Question 11

Keys used by S3, API, REST, AWS SDK

Answer 11

Access Keys (comprised of Key ID and Secret

Question 12

Use of X509 Certs

Answer 12

Used to sign SOAP based requests (S3). You can used Amazon based certs or generate your own.

Question 13

AWS Trusted Adviser can make recommendations on:

Answer 13

Open Ports
No internal IAM accounts
Public S3 access
CloudTrail logging not enabled for 
Not using MFA for root account

Question 14

How is virtual machine data protected

Answer 14

VDs are zeroed out

Memory is scrubbed

Question 15

Does Amazon have access to VM’s

Answer 15

No

Question 16

Default network traffic restriction

Answer 16

All ingress blocked and all outbound allowed

Question 17

EBS Encryption

Answer 17

Available on volumes and snapshots 256AES

Occurs on the EC2 Instance that host the volume

Question 18

Types of instance EBS encryption is available on

Answer 18

Only the more power types M3,C3,R3,G2

Question 19

Additional layer of security that act at the subnet level

Answer 19

Network ACLs

Question 20

Default # of VPC per region

Answer 20

5

Question 21

How many internet gateways can you attache to your custom VPC?

Answer 21

1

Question 22

What could be required to be assigned to an EC2 instance if it required internet access with no NAT

Answer 22

The instance needs either an Elastic IP address/Public IP address assigned to it.

Question 23

Amazon SWF restrict me to use specific programming languages.

Answer 23

False. SWF.

Question 24

A __________ is a document that provides a formal statement of one or more permissions.

Answer 24

Policy

Question 25

What function of an AWS VPC is stateless

Answer 25

Network ACLs

Question 26

Amazon’s SNS has the following subscribers

Answer 26

Lambda, SQS, HTTPS, Email, SMS