Security Flashcards

1
Q

CLI Access

Security

A

Access AWS services by command line

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Use (3)

Security CLI Access

A
  • Automation
  • Running scripts
  • Direct resource access

Security CLI Access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Access keys

Security

A

Key ID and Secret key pair created for CLI Access

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

SDK

Security

A

Language specific APIs for application access

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Systems supported (3)

Security SDK

A
  • Programming languages (like JS, Python, .Net)
  • Mobile SDKs
  • IoT SDKs

Security SDK

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

CloudShell

Security

A

Browser based shell that includes preloaded tools

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

File management

CloudShell

A

can upload, edit, and download files

CloudShell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Default region

CloudShell

A

The current region you are browsing

CloudShell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Shared Responsibility Model

Security

A

Both AWS and Customer have security and compliance responsibilities

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Employees

AWS Responsibility

A

Access and training for Amazon employees

AWS Responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Physical

AWS Responsibility

A

data centers, hardware, and network

AWS Responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Updates

AWS Responsibility

A

patching of cloud infrastructure and services

AWS Responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Users (2)

Customer responsibility

A
  • Training
  • Least privilege access

Customer responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Data

Customer responsibility

A

security and encryption of data and code

Customer responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Configuration

Customer responsibility

A

OS, network, and firewall

Customer responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Updates

Customer responsibility

A

patching guest OS and custom applications

Customer responsibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Artifact

Compliance

A

self-service access to AWS agreements and compliance reports

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

GuardDuty

Compliance

A

Monitors accounts and workloads for malicious activity

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Cognito

Security

A

provides user sign-up, sign-in, and access control for custom applications

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Federation

Security

A

can federate with social and enterprise identity providers

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Network ACL

Security

A

Security controls at the subnet level in a VPC

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Traffic control

Network ACL

A

May allow or deny traffic based on conditions

Network ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Default ACL

Network ACL

A

Allow all traffic

Network ACL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

VPN

Security

A

Encrypted tunnel over Internet into VPC

Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Endpoint options (2) | VPN
* Datacenter * individual clients | VPN
26
Service types | VPN
Site-to-site or client | VPN
27
Shield | Security
Managed detection and mitigation of DDoS attacks | Security
28
Macie | Security
Data leakage protection powered by ML | Security
29
Data protected | Macie
personal information and intellectual property | Macie
30
Anomaly detection | Macie
detects unusual activity | Macie
31
Inspector | Security
Scans EC2 Instances for security vulnerabilities | Security
32
Secrets Manager | Security
secure way to store credentials, API keys, tokens | Security
33
Services integrated (3) | Secrets Manager
* RDS * DynamoDB * Redshift | Secrets Manager
34
credential management feature | Secrets Manager
can auto-rotate credentials | Secrets Manager
35
authorization | Secrets Manager
provides fine-grained access controls to secrets | Secrets Manager
36
Access AWS services by command line | Security
CLI Access | Security
37
* Automation * Running scripts * Direct resource access | Security CLI Access
Use (3) | Security CLI Access
38
Key ID and Secret key pair created for CLI Access | Security
Access keys | Security
39
Language specific APIs for application access | Security
SDK | Security
40
* Programming languages (like JS, Python, .Net) * Mobile SDKs * IoT SDKs | Security SDK
Systems supported (3) | Security SDK
41
Browser based shell that includes preloaded tools | Security
CloudShell | Security
42
can upload, edit, and download files | CloudShell
File management | CloudShell
43
The current region you are browsing | CloudShell
Default region | CloudShell
44
Both AWS and Customer have security and compliance responsibilities | Security
Shared Responsibility Model | Security
45
Access and training for Amazon employees | AWS Responsibility
Employees | AWS Responsibility
46
data centers, hardware, and network | AWS Responsibility
Physical | AWS Responsibility
47
patching of cloud infrastructure and services | AWS Responsibility
Updates | AWS Responsibility
48
* Training * Least privilege access | Customer responsibility
Users (2) | Customer responsibility
49
security and encryption of data and code | Customer responsibility
Data | Customer responsibility
50
OS, network, and firewall | Customer responsibility
Configuration | Customer responsibility
51
patching guest OS and custom applications | Customer responsibility
Updates | Customer responsibility
52
self-service access to AWS agreements and compliance reports | Compliance
Artifact | Compliance
53
Monitors accounts and workloads for malicious activity | Compliance
GuardDuty | Compliance
54
provides user sign-up, sign-in, and access control for custom applications | Security
Cognito | Security
55
can federate with social and enterprise identity providers | Security
Federation | Security
56
Security controls at the subnet level in a VPC | Security
Network ACL | Security
57
May allow or deny traffic based on conditions | Network ACL
Traffic control | Network ACL
58
Allow all traffic | Network ACL
Default ACL | Network ACL
59
Encrypted tunnel over Internet into VPC | Security
VPN | Security
60
* Datacenter * individual clients | VPN
Endpoint options (2) | VPN
61
* Site-to-site * client | VPN
Service types (2) | VPN
62
Managed detection and mitigation of DDoS attacks | Security
Shield | Security
63
Data leakage protection powered by ML | Security
Macie | Security
64
personal information and intellectual property | Macie
Data protected | Macie
65
detects unusual activity | Macie
Anomaly detection | Macie
66
Scans EC2 Instances for security vulnerabilities | Security
Inspector | Security
67
secure way to store credentials, API keys, tokens | Security
Secrets Manager | Security
68
* RDS * DynamoDB * Redshift | Secrets Manager
Services integrated (3) | Secrets Manager
69
can auto-rotate credentials | Secrets Manager
credential management feature | Secrets Manager
70
provides fine-grained access controls to secrets | Secrets Manager
authorization | Secrets Manager