Module 6: Security Flashcards

1
Q

What is the Shared Responsibility Model?

A

The shared responsibility model divides into customer responsibilities (commonly referred to as “security in the cloud”) and AWS responsibilities (commonly referred to as “security of the cloud”)

2
Q

What are some examples of Customer Responsibilities in the Shared Responsibility Model?

A
  • Instance Operating System
  • Applications
  • Security Groups
  • Host-based Firewalls
  • Account Management
3
Q

What are some examples of AWS Responsibilities in the Shared Responsibility Model?

A
  • Physical Security of data centers
  • Hardware and software infrastructure
  • Network infrastructure
  • Virtualisation infrastructure
4
Q

What does AWS Identity and Access Management (IAM) allow?

A

AWS Identity and Access Management (IAM) allows you to manage access to AWS services and resources securely.

5
Q

What is the difference between Root Users and IAM Users?

A

Root users have complete access to all of the AWS services and resources within the AWS account whereas IAM Users represent the person or application that interacts with AWS services and resources

6
Q

What is an IAM Policy?

A

An IAM policy is a document that allows or denies permissions to AWS services and resources

7
Q

What is an IAM Group?

A

An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.

8
Q

What is an IAM Role?

A

An IAM role is an identity that you can assume to gain temporary access to permissions.

9
Q

What is an AWS Organization?

A

AWS Organizations helps you consolidate and manage multiple AWS accounts within a central location. When you create an organization, AWS Organizations automatically creates a root, which is the parent container for all the accounts in your organization.

10
Q

What are Service Control Policies?

A

SCPs help you place restrictions on the AWS services, resources, and individual API actions that the users and roles in each account can access.

11
Q

What do Organisational Units enable?

A

Organizational Units enable users to easily isolate workloads or applications that have specific security requirements. For instance, if your company has accounts that can access only the AWS services that meet certain regulatory requirements, you can put these accounts into one OU.

12
Q

What is AWS Artifact?

A

AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements

13
Q

What is AWS Artifact Agreements?

A

AWS Artifact Agreements is a service where you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations

14
Q

What is AWS Artifact Reports?

A

AWS Artifact Reports is a service that provides compliance reports from third-party auditors.

15
Q

What is Customer Compliance Center?

A

The Customer Compliance Center contains resources to help you learn more about AWS compliance. In the Customer Compliance Center, you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges.

16
Q

What is AWS WAF and which other Amazon services does it work with?

A

AWS WAF is a web application firewall that lets you monitor network requests that come into your web applications. AWS WAF works together with Amazon CloudFront and an Application Load Balancer.

17
Q

What is the difference between a denial of service (DoS) attack and a distributed denial of service (DDoS) attack?

A

A denial of service (DoS) attack is a deliberate attempt to make a website or application unavailable to users, whereas in a distributed denial of service (DDoS) attack, multiple sources are used to start an attack that aims to make a website or application unavailable.

18
Q

What is AWS Shield and what levels of protection does it provide?

A

AWS Shield is a service that protects applications against DDoS attacks. AWS Shield provides two levels of protection: Standard (Free) and Advanced (Paid)

19
Q

What is Amazon Inspector?

A

Amazon Inspector allows you to perform automated security assessments on your applications.

20
Q

What is AWS Key Management Service?

A

AWS Key Management Service (AWS KMS) helps customers perform encryption operations through the use of cryptographic keys

21
Q

What is Amazon GuardDuty?

A

Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

22
Q

What is the concept of Least Privilege?

A

Least Privilege refers to granting only the permissions that are needed to perform specific job tasks.