Networking / Security, Identity, and Compliance Flashcards
What release strategy does API GATEWY supports?
Canary relase
Whats the DIFF between REST and HTTP APIs?
REST supports more features but HTTP are cheaper.
Whats its the CDN service of AWS?
CloudFront
How can improve the latency of a lambda function?
Using Lambda@Edge, a use case from CloudFront
What are signed URL used for?
Serve private content to costumers. This is a feature of CloudFront, also can be signed cookies.
Which layer opareates ELB and ALB?
ELB works on both 4 and 7. ALB only in 7.
AWS recomends use PrivateLink when:
You want to use services offered by another VPC securely within an AWS network, using private IP addresses. Alternatively, AWS PrivateLink is a good solution when the VPCs have overlapped IP addresses.
Does Route53 supports Healthchecks?
Yes.
Whcich service can you use to connect on-premises services with AWS?
AWS Site-to-site VPN
Its a regional virtual router
AWS Transit Gateway
________________________ allows you to manage and monitor your AWS network environment from a centralized location, including creating global networks.
AWS Network Manager
_____________________ is a fully managed application networking service that you use to connect, secure, and monitor all of your services across multiple accounts and virtual private clouds (VPCs).
VPC Lattice
_____________________ is a virtual network dedicated to your AWS account.
VPC
What service should you use to manage public certificates?
AWS Certificate Manager (ACM)
What service should you use to manage private certificates?
AWS Private CA
What does means ‘HSM’ in CloudHSM?
Hardware Security Module
What third parties are supported by Amazon Cognito?
Facebook, Google, Apple, Amazon, OIDC and SAML.
What is Amazon Detective?
helps you analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. Detective automatically collects log data from your AWS resources. It then uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations.
What data sources uses Amazon Cognito?
Logs from AWS services, VPC Flow logs, CloudTrail, Findings from GuardDuty.
Service to integrate MS Active Directory into AWS:
AWS Directory Service
AD connector:
is a proxy service that provides an easy way to connect compatible AWS applications, such as Amazon WorkSpaces, Amazon QuickSight, and Amazon EC2 for Windows Server instances, to your existing on-premises Microsoft Active Directory.
Simple AD:
is a Microsoft Active Directory–compatible directory from AWS Directory Service that is powered by Samba 4. Simple AD supports basic Active Directory features such as user accounts, group memberships, joining a Linux domain or Windows based EC2 instances, Kerberos-based SSO, and group policies. AWS provides monitoring, daily snap-shots, and recovery as part of the service.
What is Amazon GuardDuty?
Is a security monitoring service that analyzes and processes Foundational data sources, such as AWS CloudTrail management events, AWS CloudTrail event logs, VPC flow logs (from Amazon EC2 instances), and DNS logs. It also processes Features such as Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.
What groups of resources are covered in Amazon Inspector?
Account,
EC2 Instances,
ECR Repos and images,
Lambdas
_____________________ is a fully managed data security and data privacy service. Macie uses machine learning and pattern matching to help you discover, monitor, and protect your sensitive data in Amazon S3.
Amazon Macie
What is AWS Network Firewall?
is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you created in Amazon Virtual Private Cloud (Amazon VPC).
What is AWS Secrets Manager?
helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS services that use secrets store them in Secrets Manager.
_____________________ provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Collects security data from across AWS accounts, services, and supported third-party partner products and helps you analyze your security trends and identify the highest priority security issues.
AWS Security Hub
________________________ as a web service that enables you to request temporary, limited-privilege credentials for users
AWS Security Token Service (AWS STS)
Whats does AWS Shield protects you from?
DDoS attacks
Whats the DIFF between AWS Shield Standard and Advanced?
AWS Shield Standard is automatically included at no extra cost beyond what you already pay for AWS WAF and your other AWS services. For added protection against DDoS attacks, AWS offers AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones.
What is the succesor to AWS Single Sign On?
AWS IAM Identity Center
_________________________ provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications.
AWS IAM Identity Center
What kind of connections can be protected with AWS WAF?
HTTP(S)
