Section 13.5 - 16.5 Flashcards

1
Q

The billing alarm (e.g. for EC2 instances) in CloudWatch is only available in this region

A

us-east-1 (Northern Virginia)

2
Q

A user has deleted something; how can we figure out who deleted it and when?

A

AWS CloudTrail

3
Q

Which AWS service provides personalized alerts and remediation guidance when AWS is experiencing events that may impact you?

Which dashboard provides global information on AWS health?

A

AWS Health Dashboard = personalized info

AWS Service Health Dashboard = Global info

4
Q

This AWS service provides governance, compliance, and risk auditing for your AWS Account

A

AWS CloudTrail

5
Q

Network ACL (NACL) controls traffic to/from at the ______ level, whereas Security Groups control traffic to/from at the ___ __________ level

A

subnet; EC2 instance

6
Q

Network ACL has _______/_____, Security groups only have _______

A

ALLOW/DENY; ALLOW

7
Q

What do Network ACL rules include? What do Security groups rules include?

A

NACL = IP addresses only, Security groups = IP addresses and other security groups

8
Q

Which AWS firewall is stateful, and what does that mean?

A

Security groups are stateful, which means return traffic is automatically allowed regardless of rules

9
Q

Which AWS firewall is stateless, and what does that mean?

A

NACL is stateless, which means return traffic must be allowed by the rules before it is accepted

10
Q

VPC Endpoints are used for what? When is it called a gateway? When is it called an interface?

A

VPC Endpoints are used for accessing your services privately. It’s called a gateway for S3 and DynamoDB. It’s called an interface for every other service.

11
Q

In order to establish a site-to-site VPN connection between your on-premises DC and AWS, what 2 components are needed?

A
  1. On-premises: there must be a Customer Gateway (CGW)
  2. On AWS: there must be a Virtual Private Gateway (VGW)
12
Q

How can you connect hundreds or thousands of VPCs together as well as your on-premises infrastructure?

A

AWS Transit Gateway

13
Q

You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use?

A

A VPC

14
Q

What DDoS protection is activated by default for every customer?

What provides a higher level of defence and 24/7 access to an AWS DDoS response team?

A

AWS Shield Standard

AWS Shield Advanced

15
Q

Which AWS service allows you to manage VPC security groups across multiple accounts in an organization?

A

AWS Firewall Manager

16
Q

What is Amazon's policy with regard to pentesting, service attacks, and flooding?

A

Penetration testing is allowed on certain services; however, anything related to an attack (DoS, flooding) is prohibited.

17
Q

What service can help us with in-flight encryption and generate SSL/TLS certificates?

A

AWS Certificate Manager (ACM)

18
Q

There’s a secret that needs managing/rotating in RDS; what can we use for this?

A

AWS Secrets Manager

19
Q

I need to ensure my company is following the compliance documentation laid out by Amazon; where can I find it?

A

AWS Artifact

20
Q

Which service is a good tool to protect you against Cryptocurrency attacks?

A

AWS GuardDuty

21
Q

What are 4 things that only the root user can do?

A
  1. Change account settings (name, etc.)
  2. Close the AWS account
  3. Change or cancel the AWS support plan
  4. Register as a seller in the Reserved Instance Marketplace