Security

Question 1

Security

What service provides visibility into user & resource activity and helps you enable operational and risk auditing, governance, and compliance of your AWS account

Answer 1

CloudTrail

Question 2

Security

What 4 pieces of informaiton does CloudTrail record

Answer 2

User
Account
Source IP
Timestamp

Question 3

Security

What 2 use cases is CloudTrain good for

Answer 3

After-the-fact incident investigation
near real time intrusion detection

Question 4

Security

What service acts as “CCTV for your AWS account”

Answer 4

CloudTrail

Question 5

Security

What service provides free DDOS protection against layer 3 & 4 attacks

Answer 5

Shield

Question 6

Security

What service provides protection against http/https (layer 7) attacks

Answer 6

AWS WAF

Question 7

Security

AWS WAF has 3 opperating modes

what are they?

Answer 7

(1) Allow all but …
(2) Deny all but …
(3) Count all that match …

Question 8

Security

What service provides threat detection using AI to determine a baseline for your account

Answer 8

Guard Duty

Question 9

Security

AWS Guard Duty monitors 3 things

What are they?

Answer 9

CloudTrail Logs
VPC Flow Logs
DNS Logs

Question 10

Security

Service that provides a single-pane-of-glass for all firewall rules accross accounts

Answer 10

Firewall Manager

Question 11

Security

Service that searches for PII within your S3 buckets

Answer 11

Macie

Question 12

Security

Automated security assesment service providing continuous scanning of either network’s (VPC’s) or hosts (EC2’s)

Answer 12

Amazon Inspector

Question 13

Security

When would you choose to use Parameter Store over secrets manager

Answer 13

Its free
Dont need key rotation

Question 14

Security

When would you choose to use Secrets Manager over Parameter Store

Answer 14

You need key rotation
You need PW Generation from cloudformation
You have more than 10k secrets

Question 15

Security

How can you allow access to single files within a S3 bucket securely

Answer 15

Use a presigned URL

Question 16

Security

How can you allow access to a group of files within a S3 bucket securely

Answer 16

Use cookies

Question 17

Security

What is the term given to the unique identifier for an AWS resource

Answer 17

ARN

Question 18

Security

What service can you use to create, manage and deploy & automatically renew your SSL certs

Answer 18

Certificate Manager

Question 19

Security

Certificate Manager supports SSL certs for 3 AWS services

what are they

Answer 19

ELB
CloudFront
API Gateway

Question 20

Security

What service allows you to Continually audit your AWS usage to simplify risk and compliance assessment and map your compliance requirements to AWS usage data with prebuilt and custom frameworks and automated evidence collection.

Answer 20

AWS Audit Manager

Question 21

Security

What service is a source of all your compliance reports

iso, pci….

Answer 21

AWS Artifact

Question 22

Security

What service provides Authentication and Authorization

like Okta

Answer 22

Amazon Cognito

Question 23

Security

What service is great for root-cause analysis of security events & for linking interactions between users and resources

Answer 23

Amazon Detective

Question 24

Security

What service provides a physical firewall to filter traffic before it gets to your VPC

Answer 24

AWS Network Firewall

Question 25

Security

What service acts as a single-pane-of-glass to view all your security alerts accross multiple accounts and services

Answer 25

AWS Security Hub

Question 26

Security

Service to automate the detection of fraud using machine learning and artificial intelligence

Answer 26

Fraud Detector