Security

Question 1

Who is responsible for security in AWS Cloud?

Answer 1

AWS and the user share responsibility (shared responsibility model)

Question 2

What is the customer’s responsibility for security?

Answer 2

Everything they put in the cloud, including patching software and setting permissions.

Question 3

What is AWS’ responsibility for security?

Answer 3

The security of the cloud itself.

Question 4

What service manages secure access to services and resources?

Answer 4

AWS Identity and Access Management (IAM)

Question 5

Where does the root user come from?

Answer 5

When you first create an AWS account, you begin with a root user identity. You should immediately create a new IAM user and then log in as that instead of as the root user. Root user account should NOT be used for everyday activities.

Question 6

How many IAM users should there be?

Answer 6

Each person who needs to access AWS should have an IAM identity with unique security credentials.

Question 7

How do you implement the principle of least privilege?

Answer 7

With an IAM policy, a document that allows or denies permissions for AWS services and resources.

Question 8

How do you assign an IAM policy to multiple users?

Answer 8

Create an IAM group and assign an IAM policy to that group.

Question 9

How do you assign temporary access?

Answer 9

Assign an IAM role to a user. A user can only have one IAM role at a time.

Question 10

Should you enable MFA for the root user and IAM users?

Answer 10

MFA is considered a best practice.

Question 11

How can you consolidate and manage multiple AWS accounts within a central location?

Answer 11

AWS Organizations, which also lets you consolidate billing.

Question 12

How does AWS Organizations assign permission to Organizational Units (OUs)?

Answer 12

Through service control policies (SCPs), which can be assigned to the root, individual member accounts, or to OUs

Question 13

How can I get on-demand access to AWS security and compliance reports and select online agreements?

Answer 13

AWS Artifact, which has two parts - AWS Artifact Agreements and AWS Artifact Reports

Question 14

As a customer, how can I learn about solutions to compliance, governance, and audit challenges with AWS Cloud?

Answer 14

The Customer Compliance Center

Question 15

What is a DoS attack?

Answer 15

A deliberate attempt to make a website or app unavailable to users. A DDoS is a DISTRIBUTED DoS attack, meaning multiple sources are overloading your services.

Question 16

How can you defend your AWS resources from a DoS attack?

Answer 16

AWS Shield. Standard is free and mitigates the most common, frequently occurring DDoS attacks. Advanced is a paid service that provides detailed diagnostics and the ability to mitigate sophisticated DDoS attacks.

Question 17

Can AWS Shield integrate with other services?

Answer 17

AWS Shield Advanced can integrate with CloudFront, Route 53, Elastic Load Balancing. and Amazon Web Application Firewall (WAF)

Question 18

What service lets me manage cryptographic keys?

Answer 18

AWS Key Management Service (KMS) can help you create and manage keys.

Question 19

What does Amazon Web Application Firewall (WAF) do?

Answer 19

Configure a web access control list (ACL) to prevent requests from IP addresses that generate malicious requests.

Question 20

Is there a way to perform automated security assessments and get a list of findings?

Answer 20

That’s what Amazon Inspector does.

Question 21

I set up Amazon GuardDurty for my AWS account. I can read the findings in AWS Management Console. Can i automatically take action?

Answer 21

You can configure AWS Lambda to take remediation steps automatically.