Security Flashcards

1
Q

What is the AWS shared responsibility model

A

AWS controls security of the cloud and customers control security in the cloud

2
Q

What is AWS Identity and Access Management (IAM)

A

enables you to manage access to AWS services and resources securely.

3
Q

What is the AWS account root user

A

It has complete access to all the AWS services and resources in the account

4
Q

What are the best practices for using the Root User account

A

-Do not use the root user for everyday tasks
-use the root user to create your first IAM user and assign it permissions to create other users.
-continue to create other IAM users, and access those identities for performing regular tasks throughout AWS
-Only use the root user when you need to perform a limited number of tasks that are only available to the root user

5
Q

What is an IAM user

A

an identity that you create in AWS

6
Q

What are the permissions associated by default when you create a new IAM user in AWS

A

no permissions associated with it.

7
Q

What is the best practice when creating IAM users in AWS

A

create individual IAM users for each person who needs to access AWS

8
Q

What is an IAM policy

A

a document that allows or denies permissions to AWS services and resources

9
Q

What do IAM policies enable you to do

A

customize users’ levels of access to resources

10
Q

What is the best practice when creating IAM policies

A

Follow the security principle of least privilege when granting permissions

11
Q

What is an IAM group

A

a collection of IAM users

12
Q

What occurs when you assign an IAM Policy to an IAM Group

A

all users in the group are granted permissions specified by the policy

13
Q

What are IAM roles

A

an identity that you can assume to gain temporary access to permissions

14
Q

What occurs when a user assumes an IAM role

A

they abandon all previous permissions that they had under a previous role and assume the permissions of the new role

15
Q

What is the best practice when creating IAM Roles

A

ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term

16
Q

What does multi-factor authentication (MFA) in IAM provide

A

an extra layer of security for your AWS account

17
Q

What is the best practice for using MFA

A

enable MFA for the root user and all IAM users in your account

18
Q

What is AWS Organizations

A

consolidate and manage multiple AWS accounts within a central location

19
Q

What are service control policies (SCPs)

A

enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.

20
Q

What are Organizational units in AWS

A

accounts with similar business or security requirements

21
Q

What happens when you apply a policy to an OU

A

all the accounts in the OU automatically inherit the permissions specified in the policy

22
Q

Which identities and resources can SCPs be applied to

A

-An individual member account
-An Organizational Unit (OU)

23
Q

What is AWS Artifact

A

a service that provides on-demand access to AWS security and compliance reports and select online agreements

24
Q

AWS Artifact consists of 2 main sections

A

-AWS Artifact Agreement
-AWS Artifact Reports

25
Q

What are AWS Artifact Agreements

A

review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations

26
Q

What are AWS Artifact Reports

A

provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations.

27
Q

What is the Customer Compliance Center

A

contains resources to help you learn more about AWS compliance

28
Q

What is available in the Customer Compliance Center

A

-Read customer compliance stories

-access compliance whitepapers and documentation

-auditor learning path

29
Q

What is a denial-of-service (DoS) attack

A

a deliberate attempt to make a website or application unavailable to users

30
Q

What is a distributed denial-of-service (DDoS) attack

A

multiple sources are used to start an attack that aims to make a website or application unavailable

31
Q

What AWS service can you use to help minimize the effect of DoS and DDoS attacks

A

AWS Shield

32
Q

What is AWS Shield

A

a service that protects applications against DDoS attacks

33
Q

AWS Shield provides two levels of protection

A

-Standard
-Advanced

34
Q

What is AWS Shield Standard

A

automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks

35
Q

What is AWS Shield Advanced

A

a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks

36
Q

What are the advantages of using AWS Shield Advanced

A

-Integrates with other AWS services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing

-can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks

37
Q

What is AWS Key Management Service (AWS KMS)

A

enables you to perform encryption operations through the use of cryptographic keys

38
Q

What is a cryptographic key

A

a random string of digits used for locking (encrypting) and unlocking (decrypting) data

39
Q

What is AWS WAF

A

a web application firewall that lets you monitor network requests that come into your web applications

40
Q

What does AWS WAF use to protect from network attacks

A

web access control list (ACL)

41
Q

What is Amazon Inspector

A

a service that checks applications for security vulnerabilities and deviations from security best practices

42
Q

What is Amazon GuardDuty

A

a service that provides intelligent threat detection for your AWS infrastructure and resources

43
Q

How does Amazon GuardDuty work

A

Identifies threats by continuously monitoring the network activity and account behavior within your AWS environment

44
Q

What can you configure to automatically take remediation steps in response to GuardDuty’s security findings

A

AWS Lambda functions