Security Flashcards

Cognito, IAM ..

1
Q

How does Cognito use SAML 2.0 to support identity providers such as Google?

A

User clicks sign in
Cognito sends a SAML request to Google
Once authenticated, Google sends a SAML assertion back to Cognito, which generates an ACCESS TOKEN for the user to access the app

2
Q

What is the recommended approach for user sign in and sign up for mobile apps that allow users to use FB, Amazon or Google credentials?

A

Cognito

3
Q

Identity pools

A

grant users TEMPORARY access to AWS services

4
Q

User pools

A

are directories that provide sign up and sign in options for app users

For example, user pools in Cognito allow mobile app users to sign up, sign in, and manage their profiles securely within the app.

5
Q

What is the primary method for granting cross account access?

A

IAM roles, because you don’t need to share credentials; the user just assumes the role

6
Q

What does STS stand for and what is it used for?

A

Secure Token Service

STS is used when an app on an EC2 instance needs temporary access to resources in another AWS account, allowing it to request temporary security credentials for that access.

7
Q

Which always wins, deny or allow?

A

Deny, but the permissions of a role always overrule the user's permissions

8
Q

What is the way to give access if an app is running outside of AWS?

A

IAM roles with temporary security CREDENTIALS obtained through the AWS Security Token Service (STS).

9
Q

What is Get Session Token?

A

An API that returns a set of temporary credentials (access key ID, secret access key and security token) for an AWS account or IAM user

Use if you want to use MFA

10
Q

What is the most secure way to access AWS services?

A

IAM roles

11
Q

How would you ensure containers that are deployed in ECS could interact with DynamoDB tables?

A

Create an IAM role for ECS tasks

12
Q

An app is making lots of calls to a DynamoDB table.

Name 1 way you could minimise the read capacity being used by the queries?

A

Use global secondary indexes with projected attributes to help reduce the amount of read throughput

13
Q

What is the ideal way to store database passwords?

A

Store them as secrets in Secrets Manager

14
Q

You're developing a mobile app.

Users will be authenticated by a third party (e.g., Google) and would need TEMPORARY access to work with AWS resources.

What action would you need to do this?

A

AssumeRoleWithWebIdentity

which returns a set of temporary security credentials for users who have been authenticated in an app with a WEB IDENTITY PROVIDER (e.g., Google)

15
Q

Give some examples of Web Identity Providers?

A

Google
Facebook
