Security Flashcards
What is Salting?
Appending or prepending a random value to a piece of data before hashing it.
What are rainbow table attacks?
They use pregenerated hashes of commonly used passwords.
What kind of KMS keys do AWS integrated services use?
symmetric keys. You don’t have access to the key.
Can you automatically rotate secrets in Secrets Manager?
Yes
Can secrets in Secrets Manager be replicated?
Yes from region to region. Good for BC / DR
Can AWS WAF be added to an NLB?
No. Only and ALB
What is the most secure and scalable way to expose a service to 1000s of VPCs
AWS Private Link
What are the requirements for Private Link?
A network load balancer (service VPC) and ENI (Customer VPC)
How do you bypass TTL in CloudFront?
CloudFront Invalidation
CloudWatchMetrics belong to?
NameSpaces
What is a CloudWatch Dimension?
An attribute of a metric
Can you send cloudwatch logs to Kinesis Data streams / firehose?
Yes. You can also filter them using a metric filter. This will allow you to send the metrics to third parties.
Where do you query CloudWatch Logs natively?
CloudWatch Logs Insight
What is a CloudWatch Logs Subscription?
It allows you to get a real-time stream of log events for processing and analysis.
How could you aggregate cloudwatch logs from multiple accounts?
Have them all send to a single kinesis data stream. You can filter them using a subscription filter. Kinesis data firehose would store the result in S3
What does CloudTrail insights do?
It detects unusual activity in your account. Service limits, IAM action bursts, etc..
How long are events in Cloudtrail stored by default?
90 days
What is CloudTrail lake?
It is a managed data lake for cloudTrail events. Events are converted to ORC format.
How do you Query CloudTrail Lake?
Using SQL and you can visualize events in the dashboard.
How are custom AWS Config rules created?
AWS Lambda
Can you automate remediation of AWS Config violations?
Yes, using SSM Documents.
What is SageMaker?
It is a fully managed service to build ML models.
What is the SageMaker feature store?
It allows you to import your data and organize it.
What Modes does SageMaker Feature Store support?
Streaming or Batch (S3, Athena, Etc..).
What does SageMaker ML Lineage Tracking do?
It keeps a running history of your models for tracking and audit compliance.
What is SageMaker Data Wrangler?
It is a built-in ETL pipeline for SageMaker. Tailored for ML projects.
What is AWS CLoud9
It is a cloud-based integrated development environment, IDE. Works from your browser.
What is the AWS Cloud Development Kit CDK?
It allows you to define your cloud infrastructure using a familiar language. .NEt , JavaScript, etc..
What should you use if you want an alarm sent when costs exceed the budget allocated?
You would use AWS Budgets
Can API Gateway connect to Kinesis Data Streams?
Yes
What are the three API Gateway endpoints
Edge-Optimized
Regional - All in the same region.
Private - VPC access only
Does API Gateway support cognito?
Yes
In SQS, does the visibility timeout remove the message from the queue?
No
Should you ever use Data Wrangler with PII
NO. Use Glue instead
Can Redshift UNLOAD data to S3 Glacier Instant Retrieval?
No
Can you use IAM database authentication with MS SQL
No.
What does a high iterator age mean in Kinesis?
That the last record in the stream is aging which means data is not processed fast enough.
How many lambda functions are executed per shard in Kinesis?
one per shard
What does the parallelization factor do in Kinesis
a feature that allows you to process one shard of a Kinesis or DynamoDB data stream with more than one Lambda invocation simultaneously.
