Key Security and Compliance Services

Question 1

What is IAM?

Answer 1

IAM allows you to control access to your AWS services and resources.

Question 2

What is WAF?

Answer 2

WAF helps protect your web applications against common web attacks.

Question 3

What is Shield?

Answer 3

Shield is a managed Distributed Denial of Service (DDoS) protection service.

Question 4

What is Macie?

Answer 4

Macie helps you discover and protect sensitive data.

Question 5

What is Config?

Answer 5

Config allows you to assess, audit, and evaluate the configurations of your resources.

Question 6

What is GuardDuty?

Answer 6

GuardDuty is an intelligent threat detection system that uncovers unauthorized behavior.

Question 7

What is Inspector?

Answer 7

Inspector works with EC2 instances to uncover and report vulnerabilities.

Question 8

What is Artifact?

Answer 8

Artifact offers on-demand access to AWS security and compliance reports.

Question 9

What is Cognito?

Answer 9

Cognito helps you control access to mobile and web applications.

Question 10

What is KMS?

Answer 10

KMS allows you to generate and store encryption keys.

Question 11

What is Cloud HSM?

Answer 11

CloudHSM is a hardware security module (HSM) used to generate encryption keys.

Question 12

What is Secrets Manager?

Answer 12

Secrets Manager allows you to manage and retrieve secrets (passwords or keys).

Question 13

Instead of relying on a single data centre to provide its services across the world, AWS relies on several separate geographic areas, each of which consists of one or more isolated locations. What are the official names for these separate geographic areas, and what is the name for the one or more multiple, isolated locations?

Answer 13

Regions; Availability Zones

The separate geographic areas, from which AWS provides its services, are known as Regions. Each Region consists of multiple isolated locations called Availability Zones. Each Availability Zone has one or more data centres.

Question 14

You want to streamline access management for your AWS administrators by assigning them a pre-defined set of permissions based on their job role. Which options below are the best way to approach this?

• IAM roles
• IAM groups
• IAM policies

Answer 14

Use IAM groups

Using IAM groups lets you create a list of pre-defined permissions that any user made a part of that group will be granted. Roles are primarily used to grant AWS resources permissions to other AWS resources and generally are not for end-users. Reference: IAM User Groups

Use IAM policies

You manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it.

Question 15

In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Answer 15

Principal

A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

Question 16

Which of the below are TRUE statements when it comes to network security for an EC2 instance in AWS?

• AWS is responsible for ensuring malicious traffic does not reach the EC2 instance.
• AWS is responsible for ensuring malicious traffic does not impair the network hardware.
• The customer is responsible for ensuring malicious traffic does not reach the EC2 instance.
• The customer is responsible for ensuring unwanted traffic does not reach the EC2 instance.
• The customer is responsible for ensuring malicious traffic does not impair the network hardware.

Answer 16

• AWS is responsible for ensuring malicious traffic does not impair the network hardware.
• The customer is responsible for ensuring malicious traffic does not reach the EC2 instance.
• The customer is responsible for ensuring unwanted traffic does not reach the EC2 instance.