Module 6: Security Flashcards
In the shared responsibility model, what is the customer responsible for?
The security of everything IN the platform is the responsibility of the customer.
e.g.
Customer data
Applications, Identity and Access Management
Operating system
Client-side data encryption
In the shared responsibility model, what is AWS responsible for?
Security OF the cloud. E.g. Software, Compute power, Storage, Databases, Hardware, Regions, AZs, Edge locations
What is AWS Identity and Access Management and its key features? (5)
Allows you to manage access to AWS services and resources.
IAM User - Someone or an app you can assign policies or a role to
IAM Policy - A document that grants or denies access to AWS services
IAM group - a group of users
IAM role - predefined policies that can be assigned to a user for a period of time
Multi-factor authentication (MFA)
What is the root user?
When you create an AWS account, you give yourself permission to create more users and you operate as a newly created user. The account you used to create the operational user account is the root user and should only be used for a limited number of tasks.
What is MFA?
When you sign in to your user account, you need the IAM ID and password. You’ll then be prompted to provide a response from an AWS MFA device.
What are AWS Organizations and Organizational Units?
Organizations is a feature that allows a root account to manage multiple AWS accounts in a central location, including the creation of Organizational Units, which can have the same service control policies (SCPs). SCPs can be assigned to individual member accounts.
What AWS service is used for the purposes of compliance?
AWS Artifact
What does AWS Artifact allow you to do?
Access AWS compliance reports on demand
Review, accept and manage agreements with AWS
Access compliance reports from third-party auditors
What are the features of the Customer Compliance Center?
Contains resources to help you learn about AWS compliance. Access technical compliance papers. Complete the auditor learning path.
What is AWS WAF?
AWS Web Application Firewall - protects your web applications or APIs from web exploits and bots
What is a denial-of-service (DoS) attack and a distributed DoS (DDoS)?
An attack that originates from a single source typically trying to overload the target with requests.
DDoS is the same idea but from multiple sources using bots.
What is AWS Shield and its features?
Provides protection against DoS and DDoS. Integrate AWS Shield Advanced and other services. Write custom ACL rules with AWS WAF for complex DDoS attacks.
What is Amazon Inspector and its features?
Allows you to perform automated security assessments on applications. Identify security vulnerabilities. Receive recommendations on how to fix them.
What are two additional security services and their features?
AWS Key Management Service - helps customers perform
What AWS service provides intelligent threat detection for AWS products and services?
Amazon GuardDuty