Security

Question 1

attack that attempts to make your website or application unavailable to your end users

Answer 1

DDoS Attack

Question 2

DDoS attack that is referred to as a SYN flood. Works on the transport layer (TCP)

Answer 2

Layer 4 DDoS Attack

Question 3

Reflection attacks include things such as NTP, SSDP, DNS, CharGEN, and SNMP attacks

Answer 3

Amplification Attack

Question 4

Occurs where a web server receives a flood of GET or POST requests usually from a botnet or large number of compromised computers

Answer 4

Layer 7 attack

Question 5

Enable operational and risk auditing, governance, and compliance of your AWS account. visibility into your user and resource activity

Answer 5

CloudTrail

Question 6

increases visibility into your user and resource activity by recording AWS actions and API calls

Answer 6

CloudTrail

Question 7

Service that provides two levels of protection against DDoS attacks(Layer 3 and 4): Standard and Advanced

Answer 7

AWS Shield

Question 8

Provides expanded DDoS attack protection for your Amazon EC2 instances, Elastic Load Balancing load balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones

Answer 8

AWS Shield

Question 9

Service that lets you monitor HTTP and HTTP requests that are forwarded to CloudFront or a Load Balancer

Answer 9

AWS WAF

Question 10

Threat detection service that uses machine learning to continuously monitor for malicious behavior

Answer 10

Amazon GuardDuty

Question 11

service automatically applies your WAF rules across your accounts and resources, even as you add new resources.

Answer 11

Firewall Manager

Question 12

Service that uses machine learning and pattern watching to discover sensitive (PII, PHI, financial data) data stored in S3. Used for HIPAA and GDPR compliance

Answer 12

Macie

Question 13

automatically assesses applications for vulnerabilities or deviations from best practices. Used to perform vulnerability scans on both EC2 instances and VPC

Answer 13

Amazon Inspector

Question 14

Detailed list of security findings prioritized by level of severity in Inspector

Answer 14

Assessment Findings

Question 15

Analysis to check for ports reachable from outside the VPC

Answer 15

Network Assessments

Question 16

Is an inspector agent required for Network Assessments?

Answer 16

No

Question 17

Vulnerable software (CVE) host hardening (CIS Benchmarks), and security best practices

Answer 17

Host Assessments

Question 18

Is an inspector agent required for Host Assessments

Answer 18

Yes

Question 19

managed service that makes it easy for you to create and control the encryption keys used to encrypt your data

Answer 19

Key Management Service

Question 20

Provides you with centralized control of the lifecycle and permissions of your keys

Answer 20

KMS

Question 21

Key that is a logical representation of a master key. Includes metadata such as the key id creation date, description, and key state.

Answer 21

Customer master key (CMK)

Question 22

Is a physical computing device that safeguards and manages digital keys and performs encryption and decryption functions

Answer 22

Hardware security model (HSM)

Question 23

Primary way to manage access to your AWS KMS CMK is with

Answer 23

Policies

Question 24

policies attached to resources

Answer 24

resource-based policies

Question 25

Easily general and use your own encryption keys on the AWS Cloud

Answer 25

CloudHSM

Question 26

Dedicated HSM to you with full control of the underlying hardware

Answer 26

CloudHSM

Question 27

Service that securely stores, encrypts, and rotates your database credentials and other secrets

Answer 27

Secrets Manager

Question 28

Capability of AWS Systems manager that provides secure, hierarchical storage for configuration data management and secrets management

Answer 28

Parameter Store

Question 29

Used if you need more than 10,000 parameters, key rotation, or the ability to generate passwords using CloudFormation

Answer 29

Secrets Manager

Question 30

Web Address using an object owners own security credentials to grant time-limited permission to download objects from S3

Answer 30

Presigned URL

Question 31

Provide access to multiple restricted files

Answer 31

Presigned Cookies

Question 32

Service allows you to create manage and deploy public and private SSL certificates for use with other AWS services

Answer 32

Certificate Manager

Question 33

Does Certificate manager allow you to not pay for SSL certificates?

Answer 33

Yes

Question 34

Can Certificate manager automate the renewal of you SSL

Answer 34

Yes

Question 35

Service that you can continually audit your AWS usage to make sure you stay compliant

Answer 35

Audit Manager

Question 36

Automated service that produces reports specific to auditors for compliance

Answer 36

Audit Manager

Question 37

Source to get compliance-related information that matters to you. Used to download compliance reports for audits

Answer 37

AWS Artifact

Question 38

Provides authentication, authorization, and user management for your web and mobile apps in a single service

Answer 38

Cognito

Question 39

two main components of Cognito are

Answer 39

User pools and identity pools

Question 40

Directories of users that provide sign-up and sign-in options for your application users

Answer 40

User pools

Question 41

Allows you to give you users access to other AWS services

Answer 41

Identity pools

Question 42

Service to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activites

Answer 42

Detective

Question 43

Pulls data from your AWS resources and used machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to quickly figure out the root cause of your security issues

Answer 43

Detective

Question 44

Used to deploy physical firewall protection across your VPCS. (Physical firewall that is managed by AWS)

Answer 44

Network Firewall

Question 45

Service that provides an intrusion prevention system (IPS)

Answer 45

Network Firewall

Question 46

Service that filters your network traffic before it reaches your internet gateway

Answer 46

Network Firewall