Security

Question 1

AWS Firewall that let’s you monitor HTTP and HTTPS

Answer 1

AWS WAF

Question 2

What services can be protected by an AWS WAF

Answer 2

CloudFront
Application Load Balancer (ALB)
API Gateway

Question 3

What can be tracked with AWS WAF

Answer 3

IP address request comes form
Countryh request comes form
Values in request header
Strings in request (based on regex)
Lenght of request
SQL injuection
Cross-site scripting

Question 4

3 types of allowed behavior for AWS WAF

Answer 4

Allow all requests except ones you specifiy
Block all requests except the once you specify
Count number of requests based on specs

Question 5

What AWS service should you use if you want to prevent certain IP addresses or countries from hitting your CloudFront distribution

Answer 5

WAF

Question 6

What AWS service should you use to help prevent SQL injection or cross-site scripting on your Layer 7 application

Answer 6

WAF

Question 7

Where does CloudTrail store it’s API logs

Answer 7

S3

Question 8

How to monitor all API calls in your account

Answer 8

Cloudtrail

Question 9

Free DDoS protection for Layer 3 and Layer 4 SYN/UDP flood and reflection attacks

Answer 9

AWS Shield

Question 10

More enhanced protection for ELB, Cloudfront and Route53 with near real-time notifications of DDoS attacks

Answer 10

AWS Shield Advanced

Question 11

How much is Shield Advanced

Answer 11

$3000 / month

Question 12

Centralized Threat detection service that uses Machine Learning to continuously look for malicious activity in your account/s and lookups on known malicious IPs.

Answer 12

AWS GuardDuty

Question 13

How can you respond to a threat found by GuardDuty?

Answer 13

Create a Cloudwatch Event to Trigger a Lambda function that addresses a threat

Question 14

Centralize and set and manage firewall rules across AWS Organizations

Answer 14

Firewall Manager

Question 15

Automated Security Detection Service that assessess applications for vulnerabilities on EC2 and VPC

Answer 15

AWS Inspector

Question 16

2 Types of Assessments Inspector can give you

Answer 16

Network Assessment
Host Accessment

Question 17

TRUE or FALSE Inspector Host assessments can be turned on easily in EC2 Console

Answer 17

FALSE, must install agent on EC2 unless it is an instance that allows SSM manager run command

Question 18

3 Ways to Create CMK

Answer 18

AWS creates it for you and managed in KMS

Can import Key material

Use in CloudHSM

Question 19

What Encryption service you should use if you need a dedicated and full control of hardware

Answer 19

CloudHSM

Question 20

You want to use Secrets Manager for password rotation. You turned it on but now your application is having trouble authenticating with old password what happened?

Answer 20

Secrets Manager auto rotates the secret once and you had something hard coded in your app

Question 21

How many parameters can be stored in parameter store?

Answer 21

10,000

Question 22

Supported Services for AWS Certificate Manager

Answer 22

ELB
CloudFront
API Gateway

Question 23

Continuously audit and Compliance AWS Accounts for things like HIPPA

Answer 23

AWS Audit Manager

Question 24

Downloading Compliance reports in AWS for Audits

Answer 24

AWS Artifact

Question 25

What are Cognito User Pools

Answer 25

directories of users that can sign in

Question 26

What are Cognito Identity Pools

Answer 26

give users access to certain AWS services

Question 27

Analyze Investigate and Determine Root Cause of potential security issue using Machine Learning and Graph Theory to Triage Security Findings & Threat Hunting

Answer 27

AWS Detective

Question 28

Deploying physical firewall protection across VPCs fully managed by AWS for IPS

Answer 28

AWS Network Firewall

Question 29

How to filter traffic before it get’s to your internet Gateway

Answer 29

Use AWS Network Firewall

Question 30

Single place to view all security alerts from Guard Duty, Inpector, and Macie and AWS Firewall Manager across multiple AWS Accounts

Answer 30

AWS Security Hub

Question 31

How to grant EC2 permission to an RDS database using an authentication token

Answer 31

IAM database authentication