Networking / Security, Identity, and Compliance Flashcards
What release strategy does API Gateway support?
Canary release
What's the difference between REST and HTTP APIs?
REST APIs support more features, but HTTP APIs are cheaper.
What is the CDN service of AWS?
CloudFront
How can you improve the latency of a Lambda function?
Using Lambda@Edge, a use case from CloudFront
What are signed URLs used for?
Serving private content to customers. This is a feature of CloudFront; signed cookies can also be used.
At which layers do ELB and ALB operate?
ELB works at both layers 4 and 7. ALB works only at layer 7.
AWS recommends using PrivateLink when:
You want to use services offered by another VPC securely within an AWS network, using private IP addresses. Alternatively, AWS PrivateLink is a good solution when the VPCs have overlapping IP addresses.
Does Route 53 support health checks?
Yes.
Which service can you use to connect on-premises services with AWS?
AWS Site-to-site VPN
It's a regional virtual router
AWS Transit Gateway
________________________ allows you to manage and monitor your AWS network environment from a centralized location, including creating global networks.
AWS Network Manager
_____________________ is a fully managed application networking service that you use to connect, secure, and monitor all of your services across multiple accounts and virtual private clouds (VPCs).
VPC Lattice
_____________________ is a virtual network dedicated to your AWS account.
VPC
What service should you use to manage public certificates?
AWS Certificate Manager (ACM)
What service should you use to manage private certificates?
AWS Private CA
What does ‘HSM’ mean in CloudHSM?
Hardware Security Module
What third parties are supported by Amazon Cognito?
Facebook, Google, Apple, Amazon, OIDC and SAML.
What is Amazon Detective?
It helps you analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. Detective automatically collects log data from your AWS resources. It then uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations.
What data sources does Amazon Cognito use?
Logs from AWS services, VPC Flow logs, CloudTrail, Findings from GuardDuty.
Service to integrate MS Active Directory into AWS:
AWS Directory Service
AD connector:
is a proxy service that provides an easy way to connect compatible AWS applications, such as Amazon WorkSpaces, Amazon QuickSight, and Amazon EC2 for Windows Server instances, to your existing on-premises Microsoft Active Directory.
Simple AD:
is a Microsoft Active Directory–compatible directory from AWS Directory Service that is powered by Samba 4. Simple AD supports basic Active Directory features such as user accounts, group memberships, joining a Linux domain or Windows-based EC2 instances, Kerberos-based SSO, and group policies. AWS provides monitoring, daily snapshots, and recovery as part of the service.
What is Amazon GuardDuty?
It is a security monitoring service that analyzes and processes Foundational data sources, such as AWS CloudTrail management events, AWS CloudTrail event logs, VPC flow logs (from Amazon EC2 instances), and DNS logs. It also processes Features such as Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.
What groups of resources are covered in Amazon Inspector?
Account,
EC2 Instances,
ECR Repos and images,
Lambdas