Security

Question 1

Common DDoS Layer 4 attacks

Answer 1

SYN floods or NTP amplification attacks

Question 2

Common DDoS Layer 7 attacks

Answer 2

Floods of GET/POST requests

Question 3

What CloudTrail Allows

Answer 3

• After-the-fact incident investigation
• Near real-time intrusion detection
• Industry and regulatory compliance

Question 4

What is CloudTrail

Answer 4

It’s basically CCTV for your AWS account. It logs all API calls made to your AWS account and stores these logs in S3

Question 5

Against attacks in which layers does Shield protect from?

Answer 5

Shield protects against Layer 3 and Layer 4 attacks only.

Question 6

What’s Shield used for?

Answer 6

It’s used for DDoS mitigation or protection against Layer 3 and Layer 4 attacks

Question 7

Shield Advanced cost and advantages

Answer 7

Advanced costs $3.000 USD a month but will give you a dedicated 24/7 DDoS response team

Question 8

In which layer does WAF operate?

Answer 8

WAF operates at layer 7

Question 9

What kind of attacks can WAF block?

Answer 9

• Layer 7 DDoS attacks as well as things like SQL injections and cross-site scripting.
• If you need to block access to specific countries or IP addresses you can also achieve this using WAF

Question 10

Can I block access to specific countries or IP addresses using WAF?

Answer 10

Yes

Question 11

What does WAF allow?

Answer 11

• Allow all requests except the ones you specify
• Block all requests except the ones you specify
• Count the requests that match the properties you specify

Question 12

What is Amazon GuardDuty?

Answer 12

GuardDuty is a threat detection service that uses machine learning to continuously monitor for malicious behaviour.

Question 13

What does GuardDuty do?

Answer 13

• Updates a database of known malicious domains using external deeds from third parties.
• Monitors CloudTrail logs, VPC Flow Logs, and DNS logs.
• Findings appear in the GuardDuty dashboard. CloudWatch Events can be used to trigger a Lambda function to address a threat.

Question 14

What is Macie?

Answer 14

• Macie uses AI to analise data in S3 and helps identify PII, PHI and financial data.
• Great for HIPAA and GDPR compliance as well as preventing identity theft.
• Macie alerts can be sent to Amazon EventBridge and integrated with your event management systems.
• Automate remediation actions using other AWS services such as Step Functions.

Question 15

What is Inspector?

Answer 15

It’s used to perform vulnerability scans on both EC2 instances and VPCs: Host assessments and network assetstments. You can run these once or, alternatively, weekly.