Section 13.5 - 16.5 Flashcards
The billing alarm (e.g. for EC2 instances) in CloudWatch is only available in this region
us-east-1 (Northern Virginia)
A user has deleted something; how can we figure out who deleted it and when?
AWS CloudTrail
Which AWS dashboard provides personalized alerts and remediation guidance when AWS is experiencing events that may impact you?
Which dashboard provides global information on AWS health?
AWS Health Dashboard = personalized info
AWS Service Health Dashboard = Global info
This AWS service provides governance, compliance, and risk auditing for your AWS Account
AWS CloudTrail
Network ACL (NACL) controls traffic to/from at the ______ level, whereas Security Groups control traffic to/from at the ___ __________ level
subnet; EC2 instance
Network ACL has _______/_____, Security groups only have _______
ALLOW/DENY; ALLOW
What do Network ACL rules include? What do Security group rules include?
NACL = IP addresses only, Security groups = IP addresses and other security groups
Which AWS firewall is stateful, and what does that mean?
Security groups are stateful, which means return traffic is automatically allowed regardless of rules
Which AWS firewall is stateless, and what does that mean?
NACL is stateless, which means return traffic must be allowed by the rules before it is accepted
VPC Endpoints are used for what? When is it called a gateway? When is it called an interface?
VPC Endpoints are used for accessing your services privately. It’s called a gateway for S3 and DynamoDB. It’s called an interface for every other service.
In order to establish a site-to-site VPN connection between your on-premises DC and AWS, what 2 components are needed?
- On-premises: there must be a Customer Gateway (CGW)
- On AWS: there must be a Virtual Private Gateway (VGW)
How can you connect hundreds or thousands of VPCs together as well as your on-premises infrastructure?
AWS Transit Gateway
You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use?
A VPC
What DDoS protection is activated by default for every customer?
What provides a higher level of defence and 24/7 access to an AWS DDoS response team?
AWS Shield Standard
AWS Shield Advanced
Which AWS service allows you to manage VPC security groups across multiple accounts in an organization?
AWS Firewall Manager