Networking / Security, Identity, and Compliance

Question 1

What release strategy does API GATEWY supports?

Answer 1

Canary relase

Question 2

Whats the DIFF between REST and HTTP APIs?

Answer 2

REST supports more features but HTTP are cheaper.

Question 3

Whats its the CDN service of AWS?

Answer 3

CloudFront

Question 4

How can improve the latency of a lambda function?

Answer 4

Using Lambda@Edge, a use case from CloudFront

Question 5

What are signed URL used for?

Answer 5

Serve private content to costumers. This is a feature of CloudFront, also can be signed cookies.

Question 6

Which layer opareates ELB and ALB?

Answer 6

ELB works on both 4 and 7. ALB only in 7.

Question 7

AWS recomends use PrivateLink when:

Answer 7

You want to use services offered by another VPC securely within an AWS network, using private IP addresses. Alternatively, AWS PrivateLink is a good solution when the VPCs have overlapped IP addresses.

Question 8

Does Route53 supports Healthchecks?

Answer 8

Yes.

Question 9

Whcich service can you use to connect on-premises services with AWS?

Answer 9

AWS Site-to-site VPN

Question 10

Its a regional virtual router

Answer 10

AWS Transit Gateway

Question 11

________________________ allows you to manage and monitor your AWS network environment from a centralized location, including creating global networks.

Answer 11

AWS Network Manager

Question 12

_____________________ is a fully managed application networking service that you use to connect, secure, and monitor all of your services across multiple accounts and virtual private clouds (VPCs).

Answer 12

VPC Lattice

Question 13

_____________________ is a virtual network dedicated to your AWS account.

Answer 13

VPC

Question 14

What service should you use to manage public certificates?

Answer 14

AWS Certificate Manager (ACM)

Question 15

What service should you use to manage private certificates?

Answer 15

AWS Private CA

Question 16

What does means ‘HSM’ in CloudHSM?

Answer 16

Hardware Security Module

Question 17

What third parties are supported by Amazon Cognito?

Answer 17

Facebook, Google, Apple, Amazon, OIDC and SAML.

Question 18

What is Amazon Detective?

Answer 18

helps you analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. Detective automatically collects log data from your AWS resources. It then uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations.

Question 19

What data sources uses Amazon Cognito?

Answer 19

Logs from AWS services, VPC Flow logs, CloudTrail, Findings from GuardDuty.

Question 20

Service to integrate MS Active Directory into AWS:

Answer 20

AWS Directory Service

Question 21

AD connector:

Answer 21

is a proxy service that provides an easy way to connect compatible AWS applications, such as Amazon WorkSpaces, Amazon QuickSight, and Amazon EC2 for Windows Server instances, to your existing on-premises Microsoft Active Directory.

Question 22

Simple AD:

Answer 22

is a Microsoft Active Directory–compatible directory from AWS Directory Service that is powered by Samba 4. Simple AD supports basic Active Directory features such as user accounts, group memberships, joining a Linux domain or Windows based EC2 instances, Kerberos-based SSO, and group policies. AWS provides monitoring, daily snap-shots, and recovery as part of the service.

Question 23

What is Amazon GuardDuty?

Answer 23

Is a security monitoring service that analyzes and processes Foundational data sources, such as AWS CloudTrail management events, AWS CloudTrail event logs, VPC flow logs (from Amazon EC2 instances), and DNS logs. It also processes Features such as Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.

Question 24

What groups of resources are covered in Amazon Inspector?

Answer 24

Account,
EC2 Instances,
ECR Repos and images,
Lambdas

Question 25

_____________________ is a fully managed data security and data privacy service. Macie uses machine learning and pattern matching to help you discover, monitor, and protect your sensitive data in Amazon S3.

Answer 25

Amazon Macie

Question 26

What is AWS Network Firewall?

Answer 26

is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you created in Amazon Virtual Private Cloud (Amazon VPC).

Question 27

What is AWS Secrets Manager?

Answer 27

helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS services that use secrets store them in Secrets Manager.

Question 28

_____________________ provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.

Answer 28

AWS Security Hub

Question 29

________________________ as a web service that enables you to request temporary, limited-privilege credentials for users

Answer 29

AWS Security Token Service (AWS STS)

Question 30

Whats does AWS Shield protects you from?

Answer 30

DDoS attacks

Question 31

Whats the DIFF between AWS Shield Standard and Advanced?

Answer 31

AWS Shield Standard is automatically included at no extra cost beyond what you already pay for AWS WAF and your other AWS services. For added protection against DDoS attacks, AWS offers AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones.

Question 32

What is the succesor to AWS Single Sign On?

Answer 32

AWS IAM Identity Center

Question 33

_________________________ provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications.

Answer 33

AWS IAM Identity Center

Question 34

What kind of connections can be protected with AWS WAF?

Answer 34

HTTP(S)