Security

Question 1

What is a DDOS attack?

Answer 1

Distributed denial of service
Flooding your server with requests

Question 2

What is a Layer 4 DDOS attack, and what else is it known by?

Answer 2

• AKA “Syn Flood”.
• The attacker sends SyN packets and ignores the AYN-ACK.
• Makes the server hang
• This exhausts the supply of TCP connections.

Question 3

What is a common Layer 7 attack?

Answer 3

Floods, GET/POST requests

Question 4

What is CloudTrail for?

Answer 4

• Logging AWS API Calls.
• Every API call in AWS is logged.
  
  • User Activity

Question 5

What does CloudTrail Log?

Answer 5

• API Call metadata
• Identity of the API caller
• Time of call
• Source IP of the call
• Request
• Response

Question 6

What is AWS Shield?

Answer 6

Free DDOS protection

Layer 3 and 4 attacks

Question 7

What does AWS Shield Advanced give you? How much is it?

Answer 7

• Enhanced protection against more sophisticated attacks
• Real-time protection
• 24/7 access to a live DDOS response team
• Protect your bill against higher fees due to DDOS
• $3000/month

Question 8

What Protects against Layer 7 attacks?

What protects against Layer 3 and 4 attacks?

Answer 8

• Layer 7 - AWS WAF
• Layer 3 and 4 - AWS Shield/Shield Advanced

Question 9

What is AWS WAF?

Answer 9

• Web Application Firewall
• Protects against application layer 7 attacks
• Common attacks
  
  • HTTP/HTTPS
  • Cross-site scripting
  • SQL Injection

Question 10

What can you control for using WAF?

Answer 10

• IP addresses
• Query strings
• Country of origin
• Request headers
• Presence of SQL code (SQL injections)
• Presence of scripts (cross-site scripting)

Question 11

What is Guard Duty?

Answer 11

• Machine learning-based threat detection
• looks for things like known malicious IPs, port scanning, etc.

Question 12

How can you use AI and automation to protect your AWS account

Answer 12

Guard Duty -→ Lambda!

Question 13

What is AWS Macie for?

Answer 13

Automated monitoring S3 buckets for PII

Can send alerts

Question 14

What is AWS Inspector?

Answer 14

• Automated security assessment service
• Works with
  
  • Network
  • EC2’s
• think “vulnerability scans”

Question 15

What types of assessments does AWS Inspector do?

Answer 15

• Network Assessments
• Host Assessments (with an installed agent)

Question 16

What is KMS

Answer 16

Key management system

Managed service you use to generate keys.

Starts with the customer managed Key

Question 17

What is Secrets Manager? How is it accessed?

Answer 17

• Secures, encrypts, rotates database and other credentials
• Accessed programmatically rather than being hardcoded

Question 18

What happens when you enable rotation in secrets manager?

Answer 18

• The credential is immediately rotated. This could be a good scenario question

Question 19

What is Parameter Store

Answer 19

• Stores secret values inside systems manager.
  
  • Plain text or encrypted data.
• Free

Question 20

What are the limits in Parameter store?

Answer 20

• Limited to 10,000 values
• Does not rotate the keys
• Cannot generate keys using Cloud Manager

Question 21

How can you temporarily share S3 objects?

Answer 21

• Pre-signed URL
• Pre-signed cookie

Question 22

How can you share an S3 object in a shared bucket?

Answer 22

Pre-signed URL

Question 23

How can you grant access to multiple objects in a private bucket?

Answer 23

Pre-signed cookies

Question 24

What can you apply policies to?

Answer 24

• Identities (group, user)
• Resource

Question 25

If a privilege isn’t explicitly allowed in a policy …

Answer 25

Its implicitly denied.

Question 26

What are two common attacks you can protect against using AWS WAF

Answer 26

• Cross-site scripting
• SQL injection

Question 27

What AWS services allow you to import 3rd party certificates?

Answer 27

IAM Certificate Store

ACM (Aws Certificate Manager)

Question 28

AWS Shield protects your applications that use which AWS services?

Answer 28

• ELB
• Cloud Front
• Route 53
• EC2
• Global Accelerator