Security

Question 1

AWS WAF

Answer 1

Web Application Firewall- gives you control over how traffic reaches your applications by enabling you to create security rules

Question 2

Amazon GuardDuty

Answer 2

threat detection service that continuously monitors for malicious activity and unauthorized behavior

Question 3

AWS CloudTrail

Answer 3

service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

Question 4

Permitted security assessments

Answer 4

– Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers

– Amazon RDS

– Amazon CloudFront

– Amazon Aurora

– Amazon API Gateways

– AWS Lambda and Lambda Edge functions

– Amazon Lightsail resources

– Amazon Elastic Beanstalk environments

Question 5

Prohibited Security assesments

Answer 5

– DNS zone walking via Amazon Route 53 Hosted Zones

– Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS

– Port flooding

– Protocol flooding

– Request flooding (login request flooding, API request flooding)

Question 6

Amazon Cognito Identity Pool

Answer 6

provides temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.

Question 7

Amazon Cognito User Pool

Answer 7

a user pool is a user directory in Amazon Cognito.

Question 8

AWS Single Sign-On

Answer 8

this service lets you centrally manage SSO access to multiple AWS accounts.

Question 9

AWS Shield

Answer 9

this is simply a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

Question 10

AWS CloudHSM

Answer 10

is standards-compliant and enables you to export all of your keys to most other commercially available HSMs, subject to your configurations.