Security Flashcards
Who is responsible for security in AWS Cloud?
AWS and the user share responsibility (shared responsibility model)
What is the customer’s responsibility for security?
Everything they put in the cloud, including patching software and setting permissions.
What is AWS’ responsibility for security?
The security of the cloud itself.
What service manages secure access to services and resources?
AWS Identity and Access Management (IAM)
Where does the root user come from?
When you first create an AWS account, you begin with a root user identity. You should immediately create a new IAM user and then log in as that instead of as the root user. The root user account should NOT be used for everyday activities.
How many IAM users should there be?
Each person who needs to access AWS should have an IAM identity with unique security credentials.
How do you implement the principle of least privilege?
With an IAM policy, a document that allows or denies permissions for AWS services and resources.
How do you assign an IAM policy to multiple users?
Create an IAM group and assign an IAM policy to that group.
How do you assign temporary access?
Assign an IAM role to a user. A user can only have one IAM role at a time.
Should you enable MFA for the root user and IAM users?
MFA is considered a best practice.
How can you consolidate and manage multiple AWS accounts within a central location?
AWS Organizations, which also lets you consolidate billing.
How does AWS Organizations assign permission to Organizational Units (OUs)?
Through service control policies (SCPs), which can be assigned to the root, individual member accounts, or to OUs.
How can I get on-demand access to AWS security and compliance reports and select online agreements?
AWS Artifact, which has two parts: AWS Artifact Agreements and AWS Artifact Reports.
As a customer, how can I learn about solutions to compliance, governance, and audit challenges with AWS Cloud?
The Customer Compliance Center
What is a DoS attack?
A deliberate attempt to make a website or app unavailable to users. A DDoS is a DISTRIBUTED DoS attack, meaning multiple sources are overloading your services.
How can you defend your AWS resources from a DoS attack?
AWS Shield. Standard is free and mitigates the most common, frequently occurring DDoS attacks. Advanced is a paid service that provides detailed diagnostics and the ability to mitigate sophisticated DDoS attacks.
Can AWS Shield integrate with other services?
AWS Shield Advanced can integrate with CloudFront, Route 53, Elastic Load Balancing, and Amazon Web Application Firewall (WAF).
What service lets me manage cryptographic keys?
AWS Key Management Service (KMS) can help you create and manage keys.
What does Amazon Web Application Firewall (WAF) do?
It lets you configure a web access control list (ACL) to block requests from IP addresses that generate malicious requests.
Is there a way to perform automated security assessments and get a list of findings?
That’s what Amazon Inspector does.
I set up Amazon GuardDuty for my AWS account. I can read the findings in the AWS Management Console. Can I automatically take action?
You can configure AWS Lambda to take remediation steps automatically.