Key Security and Compliance Services Flashcards

1
Q

What is IAM?

A

IAM allows you to control access to your AWS services and resources.

2
Q

What is WAF?

A

WAF helps protect your web applications against common web attacks.

3
Q

What is Shield?

A

Shield is a managed Distributed Denial of Service (DDoS) protection service.

4
Q

What is Macie?

A

Macie helps you discover and protect sensitive data.

5
Q

What is Config?

A

Config allows you to assess, audit, and evaluate the configurations of your resources.

6
Q

What is GuardDuty?

A

GuardDuty is an intelligent threat detection system that uncovers unauthorized behavior.

7
Q

What is Inspector?

A

Inspector works with EC2 instances to uncover and report vulnerabilities.

8
Q

What is Artifact?

A

Artifact offers on-demand access to AWS security and compliance reports.

9
Q

What is Cognito?

A

Cognito helps you control access to mobile and web applications.

10
Q

What is KMS?

A

KMS allows you to generate and store encryption keys.

11
Q

What is CloudHSM?

A

CloudHSM is a hardware security module (HSM) used to generate encryption keys.

12
Q

What is Secrets Manager?

A

Secrets Manager allows you to manage and retrieve secrets (passwords or keys).

13
Q

Instead of relying on a single data centre to provide its services across the world, AWS relies on several separate geographic areas, each of which consists of one or more isolated locations. What is the official name for these separate geographic areas, and what is the name for the isolated locations within them?

A

Regions; Availability Zones

The separate geographic areas, from which AWS provides its services, are known as Regions. Each Region consists of multiple isolated locations called Availability Zones. Each Availability Zone has one or more data centres.

14
Q

You want to streamline access management for your AWS administrators by assigning them a pre-defined set of permissions based on their job role. Which of the options below are the best ways to approach this?

  • IAM roles
  • IAM groups
  • IAM policies

A

Use IAM groups

Using IAM groups lets you create a list of pre-defined permissions that is granted to any user who is made a part of that group. Roles are primarily used to grant AWS resources permissions to other AWS resources and generally are not for end-users. Reference: IAM User Groups

Use IAM policies

You manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it.

15
Q

In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

A

Principal

A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

16
Q

Which of the below are TRUE statements when it comes to network security for an EC2 instance in AWS?

  • AWS is responsible for ensuring malicious traffic does not reach the EC2 instance.
  • AWS is responsible for ensuring malicious traffic does not impair the network hardware.
  • The customer is responsible for ensuring malicious traffic does not reach the EC2 instance.
  • The customer is responsible for ensuring unwanted traffic does not reach the EC2 instance.
  • The customer is responsible for ensuring malicious traffic does not impair the network hardware.

A

  • AWS is responsible for ensuring malicious traffic does not impair the network hardware.
  • The customer is responsible for ensuring malicious traffic does not reach the EC2 instance.
  • The customer is responsible for ensuring unwanted traffic does not reach the EC2 instance.