Other Security Services Relevant to Security Exam Flashcards
What does Macie do?
Identifies PII in S3; can also be used to analyze CloudTrail logs to audit who is accessing sensitive data
How does Macie classify data?
1) content type 2) file extensions 3) themes (eg: AmEx, Visa) 4) keywords or regex
What IAM permissions does Macie need?
IAM permissions for S3 and CloudTrail; you also need to explicitly click Integration and Start Analyzing
What does GuardDuty do?
Monitors for unusual API calls, disabling of CloudTrail logging, unauthorized deployments, compromised instances, port scanning, and failed logins. Can monitor across multiple accounts
To what two places does GuardDuty send alerts?
Its own console and CloudWatch Events.
How long does GuardDuty need to establish a baseline?
7-14 days
How can applications retrieve credentials?
By making API calls to Secrets Manager to programmatically retrieve credentials
What is the difference between Secrets Manager and Parameter Store?
Secrets Manager has built-in encryption for RDS, auto-rotate RDS secrets, everything is KMS encrypted, built-in integration with RDS (MySQL, PostgreSQL, Aurora), replicate secrets to other regions, PAID
SSM Parameter Store stores all user-defined parameters, can be plaintext or encrypted, no replication of parameters to other regions but is free
What should you know about deleting secrets in Secrets Manager?
There is a waiting period of minimum 7 days to delete a secret
Can SM secrets be replicated to another region, and what happens if you do?
Secrets can be replicated to another region for multi-region apps and DR. A replicated secret cannot be edited but can be promoted to a standalone secret.
What is a secret's resource policy handy for?
Cross-account access
What do secrets have attached?
Versions and labels
What is AD Federation?
Allows logging into AWS using existing corporate logins and SSO
What is SAML?
Security Assertion Markup Language - enables SSO for AWS accounts
What are the AD Federation steps?
- In AWS, ADFS is added as a trusted provider
- In ADFS, AWS is configured as a Relying Party Trust