Module 6: Security

Question 1

What is the AWS Shared Responsibility Model?

Answer 1

1. Customer is Responsible for the security “in” the Cloud
2. AWS is responsible for the security “of” of the Cloud

Question 2

What items are Customers responsible for the security “in” the Cloud?

Answer 2

1. Operating System
2. Application
3. Data

Question 3

What items is AWS responsible for the security “in” the Cloud?

Answer 3

1. Physical
2. Network
3. Hypervisor

Question 4

What is Multi-Factor Authentication (MFA)?

Answer 4

Provides an extra layer of security for your AWS account through password and then a second form of authentication

Question 5

What is AWS Identity and Access Management (IAM)?

Answer 5

Enables you to manage access to AWS services and resources securely

Question 6

Components of AWS Identity and Access Management (IAM)

Answer 6

1. Root User
2. Users
3. Group
4. Policies
5. Roles

Question 7

What are IAM Root Users?

Answer 7

Access and control any resource in the account

Question 8

What are IAM Users?

Answer 8

Identity that you create in AWS. It represents the person or application that interacts with AWS services and resource

Question 9

What are IAM Groups?

Answer 9

Collection of IAM users

Question 10

What are IAM Policies?

Answer 10

Document that allows or denies permissions to AWS services and resources.

Question 11

What is Principle of Least Privilege?

Answer 11

A user is granted access to only what they need

Question 12

Components of an IAM Policy

Answer 12

1. Effect: Allow or Deny
2. Action: List any AWS API Call
3. Resource: Which AWS resource the API Call is for

Question 13

What is an IAM Role?

Answer 13

You can assume to gain temporary access to permissions.

Question 14

Functions of an IAM Role

Answer 14

1. Associated permissions
2. Allow or Deny
3. Assumed for temporary amounts of time
4. No username or password
5. Access to temporary permissions to:

Question 15

What is an AWS Organization?

Answer 15

A central location to manage multiple AWS accounts

Question 16

What is a Service Control Policy (SCP)?

Answer 16

Specify the maximum permissions for member accounts in the organization.

Question 16

Features of an AWS Organization

Answer 16

1. Centralized management
2. Consolidated billing
3. Hierarchical groupings of accounts
4. AWS service and API actions Access control

Question 17

What are Organizational Units (OUs)?

Answer 17

In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements.

Question 18

What is AWS Artifact?

Answer 18

Service that provides on-demand access to AWS security and compliance reports and select online agreements

Question 19

Sections of AWS Artifact

Answer 19

1. AWS Artifact Agreements
2. AWS Artifact Reports

Question 20

What are AWS Artifact Agreements?

Answer 20

You can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations

Question 21

What are AWS Artifact Reports?

Answer 21

Provide compliance reports from third-party auditors

Question 22

What is the Customer Compliance Center?

Answer 22

Read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges

Question 23

What is a Denial-of-Service (DoS) Attack?

Answer 23

A deliberate attempt to make a website or application unavailable to users.

Question 24

Types of DoS Attacks

Answer 24

1. UDP Flood
2. HTTP Level Attacks
3. Slowloris Attack

Question 25

What is a UDP Flood Attack?

Answer 25

Request large amount of requests and fake return addresses

Question 26

What AWS solution prevents UDP Flood Attacks?

Answer 26

Security Groups

Question 27

What is an HTTP Level Attack?

Answer 27

Bots making large amount of requests that regular customers can’t get in

Question 28

What is a Slowloris Attack?

Answer 28

Attack pretends to have a terribly slow connection

Question 29

What AWS solution prevents Slowloris attacks?

Answer 29

Elastic Load Balancer

Question 30

Types of Distributed Denial-of-Service Attack (DDoS) Tools

Answer 30

1. AWS Shield
2. AWS Shield Advanced

Question 31

What is AWS Shield?

Answer 31

Protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks

Question 32

How is AWS Shield configured?

Answer 32

As network traffic comes into your applications, AWS Shield Standard uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it

Question 33

What is AWS Shield Advanced?

Answer 33

Paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks

Question 34

What is AWS Key Management Service (AWS KMS)?

Answer 34

Enables you to perform encryption operations through the use of cryptographic keys

Question 35

What are Cryptographic Keys?

Answer 35

Random string of digits used for locking (encrypting) and unlocking (decrypting) data

Question 36

What is AWS WAF?

Answer 36

Web application firewall that lets you monitor network requests that come into your web applications by working together with Amazon CloudFront and an Application Load Balance by using a web access control list (ACL) to protect your AWS resources

Question 37

What is Amazon Inspector?

Answer 37

Helps to improve the security and compliance of applications by running automated security assessments

Question 38

What is Amazon GuardDuty?

Answer 38

Service that provides intelligent threat detection for your AWS infrastructure and resources by identifying threats by continuously monitoring the network activity and account behavior within your AWS environment.