Security Flashcards
What does the AD Connector require, and what does it provide?
Requires an existing AD server
Provides access to AWS assets via AD
How can AD Connector support MFA?
Using a RADIUS based MFA server
What AD features does Simple AD support?
User Accounts, Groups, Group Policies, Domains, Kerberos SSO
Does Simple AD support MFA? Does it support Trust Relationships?
No to both
NACL & SG: Which is Stateful and which is Stateless?
NACL is Stateless
SG is Stateful
What’s the difference between a Stateful and Stateless Firewall?
Stateful remembers connections, Stateless doesn’t.
Do NACLs and SGs support outbound rules?
NACLs do
SGs don’t
What are Ephemeral Ports and what is their port range?
Ports that are open one at a time for unique visitor requests. Port range is 1024 – 65535
Describe CloudHSM
Physical client-provided encryption key device for generating RSA and AES signatures. Required to pass FIPS 140-2 Level 3 compliance.
Describe AWS KMS
Tool for Creating, Storing, Managing, and Auditing encryption keys within AWS.
What’s the difference between CloudWatch and CloudTrail?
CloudWatch tracks resource usage (like Zabbix). CloudTrail tracks API calls made within AWS.