Security Flashcards

1
Q

Coupling

A

Coupling defines the interdependencies or connections between components of systems

2
Q

Loose coupling

A

Loose coupling helps reduce the risk of cascading failures between components

Loosely coupled components are connected but not dependent on one another

3
Q

Tight Coupling

A

Components are highly dependent on each other

If one fails they all fail

4
Q

Queues

A

Queues are used to implement loosely coupled systems

5
Q

Simple Queue Service (SQS)

A

A message queueing service that allows you to build loosely coupled systems

Allows component-to-component communication using messages

Multiple components (or producers) can add messages to the queue

Messages are processed in an asynchronous manner

6
Q

Simple Notification Service (SNS)

A

Send email and text messages

Publish messages to a topic

Subscribers receive messages

Allows sending of email and text from your apps

7
Q

Simple Email Service (SES)

A

An email service that allows you to send richly formatted HTML emails from your app

Ideal choice for marketing campaigns or professional emails

Unlike SNS, SES sends HTML formatted emails

8
Q

CloudWatch

A

A collection of services that help you monitor & observe your cloud resources

Collect metrics, logs, & events

Detect anomalies in your environment

Set alarms

Visualize logs

Can set high-resolution alarms, monitor app logs, visualize time series data, and trigger an event based on a condition

9
Q

CloudTrail

A

Tracks user activity & API calls within your account

Log and retain account activity

Track activity through the console, SDKs, and CLI

Identify which user made changes

Detect unusual activity in your account

10
Q

Shared Responsibility Model

A

Outlines your responsibility vs. AWS’s when it comes to security and compliance

11
Q

Well-Architected Framework

A

Describes design principles & best practices for running workloads in the cloud

12
Q

Identity & Access Management (IAM)

A

Control access to AWS services and resources

13
Q

Shield

A

Managed distributed denial of service (DDoS) protection service

Always-on detection

Shield Standard is free - provides protection against common & frequently occurring attacks

Shield Advanced is paid - provides enhanced protections & 24/7 access to AWS experts

Shield DDoS protection is supported by:
CloudFront, Route 53, Elastic Load Balancing, & AWS Global Accelerator

14
Q

Web Application Firewall (WAF)

A

WAF helps protect your web apps against common web attacks

Protects against SQL injection

Protects against cross-site scripting

15
Q

Macie

A

Helps discover and protect sensitive data

Uses machine learning

Evaluates S3 environment

Discovers PII

16
Q

Config

A

Allows assessment, auditing, & evaluation of the configuration of resources

Track configuration changes over time

Delivers config history file to S3

Notifications via Simple Notification Service (SNS) of every configuration change

17
Q

GuardDuty

A

Intelligent threat detection system that uncovers unauthorized behavior

Uses machine learning

Built-in detection for EC2, S3, & IAM

Reviews CloudTrail, VPC Flow Logs & DNS logs

Great for detecting things like unusual API calls, which are a common attacker technique

18
Q

Inspector

A

Works with EC2 instances to uncover and report vulnerabilities

Agent is installed on the EC2 instance

Reports vulnerabilities found

Checks access from the internet, remote root login, vulnerable software versions, etc.

Helps identify unintended network access to an EC2 instance via reporting

19
Q

Artifact

A

Offers on demand access to AWS security & compliance reports

Central repository for compliance reports from third-party auditors

Service Organization Controls (SOC) reports

PCI reports

Repository for security and compliance reports via a self-service portal

20
Q

Key Management Service (KMS)

A

Allows generation and storing of encryption keys

Key generator

Store and control keys

AWS manages encryption keys

Automatically enabled for certain services

Great for encrypting things like EBS storage volumes; you can also specify a customer master key

21
Q

CloudHSM

A

Hardware Security Module (HSM) used to generate encryption keys

Dedicated hardware for security

Generate & manage your own encryption keys

AWS does not have access to your keys

Great for meeting security and compliance requirements

22
Q

Secrets Manager

A

Allows management & retrieval of secrets (passwords and keys)

Like LastPass

23
Q

AWS’s Responsibility in Shared Responsibility Model

A

Securing their infrastructure

24
Q

Your Responsibility in the Shared Responsibility Model

A

Security in the Cloud

25
Q

How to Report Abuse of AWS Resources

A

Contact the AWS Trust & Safety Team using the Report Amazon AWS Abuse form or by contacting abuse@amazonaws.com

26
Q

5 Pillars: Operational Excellence

A

Focused on creating apps that support production workloads

Plan for & anticipate failure

Deploy smaller reversible changes

Script operations as code

Learn from failure and refine

27
Q

5 Pillars: Security

A

Focused on putting mechanisms in place to help protect your systems & data

Automate security tasks

Assign only the least privileges

Encrypt data in transit & at rest

Track who did what & when

Ensure security at all application layers

28
Q

5 Pillars: Reliability

A

Focused on designing systems that work consistently & recover quickly

Recover from failure automatically

Scale horizontally for resilience

Reduce idle resources

Manage change through automations

Test recovery procedures

29
Q

5 Pillars: Performance Efficiency

A

Focused on effective use of computing resources to meet system and business requirements while removing bottlenecks

Use serverless architecture first

Use multi-region deployments

Delegate tasks to a cloud vendor

Experiment with virtual resources

30
Q

5 Pillars: Cost Optimization

A

Focused on optimum and resilient solutions at the least cost to the user

Utilize consumption-based pricing

Implement cloud financial management

Measure overall efficiency

Pay only for the resources your app requires

31
Q

IAM Identities

A

Who can access your resources

Root user

Individual users

Groups

Roles

32
Q

IAM Access

A

What resources they can access

Policies

AWS Managed Policies

Customer Managed Policies

Permissions Boundaries

33
Q

IAM Authentication

A

Authentication is where you present your identity (username) and provide verification (password). Who!

34
Q

IAM Authorization

A

Determines which services and resources the authenticated identity has access to. What!

35
Q

Users

A

Users are entities you create in IAM to represent the person or app that needs to access your resources

Applications can be users (you generate access keys for apps running on-prem that need access to your cloud resources)

You can generate access keys in IAM to access things like the AWS CLI

36
Q

Principle of Least Privilege

A

Involves giving a user the minimum access required to get their job done

37
Q

Groups

A

A group is a collection of IAM users that helps you apply common access controls to all group members

38
Q

Policies

A

Manage permissions for IAM users, groups, & roles by creating a policy document in JSON format and attaching it

39
Q

IAM Best Practices

A

1. Enable MFA for privileged users

2. Implement strong password policies

3. Create individual users instead of using root

4. Use roles for Amazon EC2 instances and apps that run on them

40
Q

IAM Credential Report

A

Lists all users in your account & the status of their various credentials

Lists all users and the status of their passwords, MFA devices & access keys

Used for auditing and compliance

41
Q

Cognito

A

Helps control access to mobile & web apps

Provides authentication and authorization

Helps you manage users

Assists with user sign-up and sign-in

Great for taking advantage of sign-in options with Google, Facebook, etc.

42
Q

Data in Flight

A

Data moving from one location to another

43
Q

Data at Rest

A

Data that is inactive or stored for later use