Security Flashcards
What is Cloud Trail?
A service that logs all API calls made in your AWS account and stores these logs in S3.
It monitors what's going on, whether via the API or the console.
What is AWS Shield?
Free DDoS protection
Protects against layer 3 and layer 4 attacks
What does AWS Shield Advanced give you?
A 24/7 DDoS Response team at $3,000 a month
What is AWS WAF?
Web Application Firewall
Lets you monitor the HTTP and HTTPS requests to your application.
What layer does WAF work on?
Layer 7
What is AWS Guard Duty?
GuardDuty is a threat detection service that uses machine learning to continuously monitor for malicious behavior.
What is AWS Macie?
A service that uses machine learning to find personally identifiable information (PII) in S3
What is AWS Inspector?
Automated security assessment service that helps improve the security and compliance of applications deployed on AWS
What is AWS Key Management Service (AWS KMS)?
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
What are the three ways to generate a CMK?
1) AWS Creates the CMK for you
2) You import key material from your own key management infrastructure and associate it with a CMK
3) Have the key material generated and used in an AWS CloudHSM cluster as part of the custom key store feature in AWS KMS
What is AWS Secrets Manager?
A service that securely stores, encrypts, and rotates your database credentials and other secrets.
What is AWS Parameter Store?
A free version of AWS Secrets Manager, but you don't get automatic key rotation and you need to have 10,000 or fewer parameters
What is AWS Cognito?
Provides authentication, authorization, and user management for your web and mobile apps.
In general, what does a DDoS attack entail?
A large number of connections overwhelms your architecture. Your application is unable to answer the legitimate requests that are sent to it.
What is the best way to deliver content from an S3 bucket that only allows users to view content for a set period of time?
Create a presigned URL using S3.
You need a single source you can visit to get the compliance-related information that matters to you, such as AWS security and compliance reports or select online agreements. Which service should you use?
AWS Artifact
What does DDoS stand for?
Distributed Denial of Service
True or False? Amazon Inspector requires an agent for host assessment rules packages.
True
Which of the following is NOT a data source for GuardDuty?
A) RDS event history
B) VPC Flow Logs
C) CloudTrail logs
D) DNS query logs
A) RDS Event History
What is a good use case for AWS Audit Manager?
To automatically produce reports specific to auditors for PCI compliance, GDPR, and more.
What is the minimum length of time before you can schedule a KMS key to be deleted?
7 days
Which of the following best describes AWS Firewall Manager?
A) A managed service that makes it easy to deploy physical firewall protection across your VPCs via its managed infrastructure (e.g., a physical firewall that is managed by AWS).
B) A service that provides authentication, authorization, and user management for your web and mobile apps without the need for custom code.
C) A security management service that allows you to centrally configure and manage firewall rules across your accounts and applications.
D) An automated service that produces reports specific to auditors for PCI compliance, GDPR, and more.
C) A security management service that allows you to centrally configure and manage firewall rules across your accounts and applications.
Which Layers does WAF provide protection on?
Layer 7
Which service provides authentication, authorization, and user management for your web and mobile apps without the need for custom code?
Amazon Cognito