Key Security and Compliance Services Flashcards
What is IAM?
IAM allows you to control access to your AWS services and resources.
What is WAF?
WAF helps protect your web applications against common web attacks.
What is Shield?
Shield is a managed Distributed Denial of Service (DDoS) protection service.
What is Macie?
Macie helps you discover and protect sensitive data.
What is Config?
Config allows you to assess, audit, and evaluate the configurations of your resources.
What is GuardDuty?
GuardDuty is an intelligent threat detection system that uncovers unauthorized behavior.
What is Inspector?
Inspector works with EC2 instances to uncover and report vulnerabilities.
What is Artifact?
Artifact offers on-demand access to AWS security and compliance reports.
What is Cognito?
Cognito helps you control access to mobile and web applications.
What is KMS?
KMS allows you to generate and store encryption keys.
What is CloudHSM?
CloudHSM is a hardware security module (HSM) used to generate encryption keys.
What is Secrets Manager?
Secrets Manager allows you to manage and retrieve secrets (passwords or keys).
Instead of relying on a single data centre to provide its services across the world, AWS relies on several separate geographic areas, each of which consists of one or more isolated locations. What are the official names for these separate geographic areas, and what is the name for the isolated locations within them?
Regions; Availability Zones
The separate geographic areas, from which AWS provides its services, are known as Regions. Each Region consists of multiple isolated locations called Availability Zones. Each Availability Zone has one or more data centres.
You want to streamline access management for your AWS administrators by assigning them a pre-defined set of permissions based on their job role. Which of the options below are the best ways to approach this?
- IAM roles
- IAM groups
- IAM policies
Use IAM groups
Using IAM groups lets you create a list of pre-defined permissions that is granted to any user who is made a part of that group. Roles are primarily used to grant AWS resources permissions to other AWS resources and generally are not for end-users. Reference: IAM User Groups
Use IAM policies
You manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it.
In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?
Principal
A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.