Security

Question 1

The _____ ______ ______ outlines your responsibilities vs. ____’s when it comes to security compliance

Answer 1

1. Shared Responsibility Model, AWS

Question 2

The ___-_____ ______ describes design principles and best practices for running workloads in the cloud. It has __ pillars you can lean on when you are designing Cloud Ecosystems

Answer 2

Well-Architected Framework, 6

Question 3

The 6 Pillars of a Well-Architected Framework:

Answer 3

1. Operational Excellence:
2. Security:
3. Reliability:
4. Performance Efficiency
5. Cost Optimization
6. Sustainability

Question 4

AWS is responsible for security __ the cloud.
You are responsible for security __ the cloud.

Answer 4

OF, IN

Question 5

AWS Global infrastructure elements include : _____, ___ ______, and ___s

Answer 5

Regions, Edge Locations, AZs

Question 6

AWS Software infrastructure includes: all ______ services like RDS, S3, ECS, Lambda, patching of the ____ OS (firmware updates, etc.), and data access ______.

Answer 6

managed, host, endpoints

Question 7

YOU are responsible for ___ the services are implemented and managing your _______ _____

Answer 7

HOW, APPLICATION DATA

Question 8

you are responsible for the _____ OS, which includes updates and security patches

Answer 8

Guest,

Question 9

You are responsible for your application code and ______ _______. You should frequently scan for and patch vulnerabilities in your code.

Answer 9

Installed Software:

Question 10

You are responsible for ______ traffic protection, which includes security group ______ configuration.

Answer 10

network, firewall

Question 11

2. Configuration Management:
   ____ configures infrastructure devices,
   ____ configure databases and applications

Answer 11

AWS, You

Question 12

______ ______ (pilar) Focuses on creating applications that effectively support production workloads.

Answer 12

1. Operational Excellence:

Question 13

________ Focuses on putting mechanisms in place that help protect your systems and data. Recommends using ______ , ______ and assigning only the _____ ______

Answer 13

2. Security:, automation, encryption, least privileges

Question 14

_______ Focuses on designing systems that work consistently and recover quickly

Answer 14

3. Reliability:

Question 15

______ ______ (pilar) Focuses on the effective use of computing resources to meet system and business requirements. Use _______ architectures first - leverage AWS services whenever possible, they are optimized for the cloud

Answer 15

4. Performance Efficiency, serverless

Question 16

_____ ______ (pilar) Focuses on delivering optimum and resilient solutions at the least cost to the user
- utilize ______-_______ pricing (whenever possible)

Answer 16

5. Cost Optimization, consumption-based

Question 17

_________ Focuses on environmental impacts, especially energy consumption and efficiency

Answer 17

6. Sustainability

Question 18

Use Cases - the 6 Pillars in the Real World:
____________
- you can use CloudTrail to log all of the actions in your AWS account

Answer 18

2. Security
   - you can use CloudTrail to log all of the actions in your AWS account

Question 19

Use Cases - the 6 Pillars in the Real World:
_________ _________
- you can use AWS ____ _____ for version control to enable tracking of code changes and to version-control ____________ templates, which define your infrastructure as code

Answer 19

1. Operational Excellence, Code Commit, CloudFormation

Question 20

Use Cases - the 6 Pillars in the Real World:
___________
- you can use ____ for databases for reliability, and multi-AZ deployments for enhanced availability. If one AZ fails, a backup ____ instance that can absorb the database traffic

Answer 20

3. Reliability, RDS, RDS

Question 21

Use Cases - the 6 Pillars in the Real World:
________ -________
- you can use AWS _______ to run code on demand (in response to events) with reduced administration

Answer 21

4. Performance Efficiency, Lambda

Question 22

Use Cases - the 6 Pillars in the Real World:
______ __________
- you can use S3 _______-_______, which automatically moves your data between access tiers based on your usage patterns

Answer 22

5. Cost Optimization, Intelligent-Tiering

Question 23

Use Cases - the 6 Pillars in the Real World:
____________
- you can use EC2 ____ ______ to ensure you are maximizing utilizaion (and scale in, when demand is low)

Answer 23

6. Sustainability, Auto Scaling

Question 24

________ defines WHO can access your resources
- root user, individual users, groups, roles

Answer 24

1. Identities

Question 25

________ defines WHAT resources they can access

Answer 25

2. Access

Question 26

_____________
- is where you present your identity (username) and provide verification (password)

Answer 26

1. Authentication

Question 27

___________
- determines which services and resources the authenticated identity has access to
- permissions are typically granted through a policy - code

Answer 27

2. Authorization

Question 28

______
Are entities you create in IAM to represent the person or application needing to access your AWS resources

Answer 28

Users:

Question 29

________ ______
- you create them through IAM and are used for everyday tasks
- have no permissions by default, you need to assign them

Answer 29

Individual Users

Question 30

_________ can be users - create a user in IAM and generate access keys for an ______ running on-premises that needs access to your cloud resources

Answer 30

• applications, application

Question 31

________
A collection of IAM users. User ______ enable you to specify permissions for all users within that _____.

Answer 31

Groups: Groups, group.

Question 32

You assign users to ______, and then assign the appropriate permissions to the _____.

Answer 32

groups, group

Question 33

______ lets you apply the same access controls to a large set of users
- if you want to remove the privileges for a user, you just need to remove them from the _____

Answer 33

Groups, group

Question 34

IAM groups are not the same and EC2 security groups - EC2 security groups act as ______ , while IAM groups are a ________ of _____

Answer 34

Firewall, collection, users

Question 35

_____ and ______ _______
Allows you to control access to your AWS services and resources, and provides a downloadable report that lists all the users in your account and their credential status.

Answer 35

Identity and Access Management

Question 36

____ define access permissions and are temporarily assumed by an IAM user or service. they are assigned to users or groups

Answer 36

Roles

Question 37

_____ are assumed by any user or service that needs it, and helps you avoid sharing long-term credentials like access keys and protect your instances from unauthorized access.

Answer 37

Roles

Question 38

you can grant users in one AWS account access to resources in another AWS account using _____

Answer 38

Roles