Introduction to Security and Architecture on AWS

Question 1

What service controls access to AWS resources

Answer 1

AWS IAM

Question 2

What service is a managed service that enables you to handle authentication and aspects of authorization for your custom web and mobile applications through AWS?

Answer 2

Amazon Cognito

Question 3

What are the three AWS IAM Identities?

Answer 3

Users, Groups, and Roles

Question 4

What are AWS IAM Users?

Answer 4

An account for a single individual to access an AWS resource

Question 5

What are AWS IAM Groups?

Answer 5

Allow you to manage permissions for a group of IAM users

Question 6

What are AWS IAM Roles

Answer 6

Enables a user or AWS service to assume permissions for a task

Question 7

What is the practice of assigning the bare minimum permissions to a user to perform their tasks?

Answer 7

Least Privilege Access

Question 8

What defines both what services an IAM Identity can access and what actions can be taken on those services?

Answer 8

Policies in AWS IAM

Question 9

What format is an AWS Policy?

Answer 9

JSON

Question 10

What is a process through which identities can be imported through SAML providers including active directory?

Answer 10

Identity Federation

Question 11

What is the process that allows a user to log in?

Answer 11

Authentication

Question 12

What is the process that determines what a user is allowed to do once they’re logged in?

Answer 12

Authorization

Question 13

What is the service that provides compliance packs for standards?

Answer 13

AWS Config

Question 14

What is the service that provides self-service access to reports?

Answer 14

AWS Artifact

Question 15

What is the service that provides intelligent threat detection?

Answer 15

AWS GuardDuty

Question 16

What is the compliance standards for processing credit cards?

Answer 16

PCI-DSS

Question 17

What is the compliance standard for healthcare data?f

Answer 17

HIPAA

Question 18

What are third party reviews for operational processes?

Answer 18

SOC1, SOC2, SOC3

Question 19

What are the standards for US government data handling?

Answer 19

FedRAMP

Question 20

What are the standards for handling personally identifiable info?

Answer 20

ISO 27018

Question 21

What is being able to support failure of components within your architecture?

Answer 21

Fault tolerance

Question 22

What is keeping your entire solution running in the expected manner despite issues that may occur?

Answer 22

High availability

Question 23

Which services enable fault tolerance in your custom applications?

Answer 23

SQS, Route 53

Question 24

What is the collection of best practices across five key pillars for how to best create systems that create business value on AWS?

Answer 24

Well-architected Framework

Question 25

What are the five pillars of the Well-architected framework

Answer 25

Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization

Question 26

What is the model in which security and compliance are shared between AWS and the customer?

Answer 26

Shared Responsibility Model

Question 27

What is AWS responsible for in the Shared Responsibility Model?

Answer 27

Access & Training for Amazon Employees, Global data centers and underlying network, hardware for global infrastructure, configuration management for infrastructure, patching cloud infrastructure and services

Question 28

What is the customer responsible for in the Shared Responsibility Model?

Answer 28

Individual access to cloud resources and training, data security and encryption (in transit and at rest), operating system, network, firewall configuration, all code deployed onto cloud infrastructure, patching guest operating systems and custom applications.

Question 29

Should you use your root account as your day-to-day account?

Answer 29

NOOOOOOOOOoooooo