Neil Davis Test 4 Flashcards

1
Q

Validating CloudTrail log file integrity

A

To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation.

This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing.

A validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity.

When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file.

CloudTrail signs each digest file using the private key of a public and private key pair. After delivery, you can use the public key to validate the digest file. CloudTrail uses different key pairs for each AWS region.

2
Q

CloudTrail - Enabling validation and validating files

A

CLI - aws cloudtrail update-trail --name your-trail-name --enable-log-file-validation

3
Q

What is ElastiCache?

A

Fully managed implementation of Redis and Memcached

ElastiCache is a key/value store

In-memory database offering high performance and low latency

Can be put in front of databases such as RDS and DynamoDB

Good solution if Database is read heavy and does not change frequently.

ElastiCache can be used for storing session state

Provides push-button scalability for memory or for writes and reads

ElastiCache EC2 nodes cannot be accessed by EC2 instances in other VPCs.

4
Q

Memcached features

A
Data Persistence : No
Data Types : simple
Data Partitioning: Yes
Encryption : No
HA (Replication): No 

Multi-AZ: Yes, nodes can be placed in multiple AZs, but not for failover or replication.

Scaling: Up (node Types); Out (add nodes)

Multi Threading : Yes

Backup and restore: No (and No snapshots)

5
Q

Redis (cluster mode disabled) - features

A
Data Persistence : Yes
Data Types : Complex
Data Partitioning: No
Encryption : Yes
HA (Replication): Yes 

Multi-AZ: Yes, with auto-failover. Uses read replicas (0-5 per shard)

Scaling: Up (node Types); Out (add replicas)

Multi Threading : No

Backup and restore: Yes (Auto and Manual snapshots)

6
Q

Redis (cluster mode on) - features

A
Data Persistence : Yes
Data Types : Complex
Data Partitioning: Yes
Encryption : Yes
HA (Replication): Yes 

Multi-AZ: Yes, with auto-failover. Uses read replicas (0-5 per shard)

Scaling: Up (node Types); Out (add shards)

Multi Threading : No

Backup and restore: Yes (Auto and Manual snapshots)

7
Q

Tag Policy

A

Tag policies are a type of policy that can help you standardize tags across resources in your organization’s accounts. In a tag policy, you specify tagging rules applicable to resources when they are tagged.
Using tag policies requires the following:

  • Your organization must have all features enabled.
  • You must be signed in to your organization’s management account.
  • You need the correct IAM permissions for AWS Organizations.
8
Q

What is Federation?

A
  • Allows users outside of AWS to assume a temporary role for accessing AWS resources
  • These users assume identity-provided access.
9
Q

How does Federation authenticate?

A

Assumes a form of third-party authentication:

  • LDAP
  • Microsoft Active Directory (SAML)
  • Single Sign On
  • OpenID
  • Cognito.
10
Q

SAML Federation for Enterprise

A

To integrate AD/ADFS, or any SAML 2.0 identity provider, with AWS

Provides access to the AWS console or CLI (through temporary credentials)

No need to create an IAM user for each of your employees.

11
Q

SAML process - client based

A
  1. Client app communicates with the IdP (SAML)
  2. IdP validates against the LDAP-based data store
  3. IdP sends SAML assertion to the client app (token)
  4. Client app sends the assertion to STS.
  5. STS provides temporary credentials.
  6. Client is able to communicate with resources.
12
Q

SAML process - AWS Console based

A
  1. Client app communicates with the IdP (SAML)
  2. IdP validates against the LDAP-based data store
  3. IdP sends SAML assertion to the client app (token)
  4. Client app sends the assertion to the SSO sign-in URL.
  5. SSO endpoint communicates with STS.
  6. SSO endpoint validates and sends a redirect.
  7. Client is able to communicate with the AWS Console.
13
Q

Custom Identity Broker

A
  • Use only if the IdP is not compatible with SAML 2.0
  • The identity broker must determine the appropriate IAM policy.

14
Q

AWS Cognito - Federated Identity Pools

A

Goal: provide access to AWS resources from the client side

How:

Log in to a federated identity provider, or remain anonymous

Get temporary AWS credentials back from the federated identity pool

These credentials come with a pre-defined IAM policy stating their permissions.

Example: log in with Facebook credentials.
