Security

Question 1

What is the Shared Responsibility Model?

Answer 1

AWS is responsible for “Security of Cloud” & you’re responsible for “Security in Cloud”

Question 2

What is the Customer’s Responsibility in the Cloud?

Answer 2

• Customer Data
• Platform, Applications, Identify & Access Management
• OS’s, Network, & Firewall Configurations
• Client-side Data Encryption
• Server-Side Encryption
• Networking Traffic Protection

Question 3

What is AWS’s Responsibility of the Cloud?

Answer 3

• Software
• Compute
• Storage
• Database
• Networking
• Hardware/AWS Global Infrastructure
• Regions
• Availability Zones
• Edge Locations

Question 4

What is AWS Identity & Access Management (IAM)?

Answer 4

Manage access to AWS services & resources securely & lets you configure access based on your company’s specific operation & security needs.

Question 5

What is an IAM User?

Answer 5

Identity you create in AWS that represents person or application that interacts with AWS services & resources.
- Consists of name & credentials.
- Default: has no permissions associated w/ it.

Question 6

What is an IAM Policy?

Answer 6

JSON Document that allows or denies permissions to AWS services & resources.

Question 7

What is an IAM Group?

Answer 7

Collection of IAM Users where all users in group have only the permissions of the policy of the IAM Group.

Question 8

What is an IAM Role?

Answer 8

Identity user can assume to gain temporary access to permissions.
- Must be granted permissions to switch to role.
- Abandons all previous permissions and has only new permissions.
- Ideal for user needs TEMPORARY access to services/resources, NOT LONG-TERM.

Question 9

What is Multi-factor Authentication (MFA)?

Answer 9

Requires user to give more than one form of verification to access account which provides extra layer of security to AWS account.

Question 10

What is an AWS Organization?

Answer 10

Consolidates & manages multiple AWS accounts w/in a central location.

Question 11

What is an AWS Organizational Unit?

Answer 11

Grouping of AWS accounts to make it easier to manage accounts w/ similar business or security requirements.
- When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

Question 12

What is AWS Artificat?

Answer 12

Provides on-demand access to AWS security & compliance reports & select online agreements.
Consists of two main sections:
- AWS Artifact Agreements
- AWS Artifact Reports

Question 13

What are AWS Artifact Agreements?

Answer 13

You can review, accept, & manage agreements for an individual account & for all your accounts in AWS Organizations.

Question 14

What are AWS Artifact Reports?

Answer 14

Provide compliance reports from 3-party auditors who have tested & verified that AWS is compliant w/ variety of global, regional, & industry specific security standards & regulations & always stay up to date.

Question 15

What is the Customer Compliance Center?

Answer 15

Group of resources that helps you more a/b AWS compliance.
- Can help you w/ compliance questions & auditing security checklist.
- Can see how other companies solved compliance problems.

Question 16

What is AWS Shield?

Answer 16

Protects applications from DDoS attacks.
Has two levels:
- Standard
- Advanced

Question 17

What is AWS Shield Standard?

Answer 17

Automatically protects all AWS customers for free from most common frequent DDoS attacks.

Question 18

What is AWS Shield Advanced?

Answer 18

Protects from sophisticated DDoS attacks & integrates w/ other services s/a:
- Amazon CloudFront
- Amazon Rout 53
- Elastic Load Balancing

Also you can integrate with AWS WAF to write complex rules to mitigate DDoS attacks.

Question 19

What is AWS Key Management Service (AWS KMS)?

Answer 19

Managed service that makes it easy to create & control encryption keys that are used to encrypt your data.

Question 20

What is AWS WAF (Web Application Firewall)?

Answer 20

Web Application Firewall that monitors network requests that come into your web applications.

Question 21

What is Amazon Inspector?

Answer 21

Helps improve security & compliance of applications by running automated security assessments that check for weaknesses & changes from security best practices & offers recommendations on how to fix them.

Question 22

What is Amazon GuardDuty?

Answer 22

Proved intelligent threat detection for AWS infrastructure & resources by identifying threats by always monitoring network activity & account behavior w/in AWS environment.

Question 23

What services does AWS Shield Advanced provide expanded DDoS protection for?

Answer 23

• Amazon Elastic Compute Cloud (EC2)
• Elastic Load Balancing (ELB)
• Amazon CloudFront
• Amazon Route 53
• AWS Global Accelerator

Question 24

What are key benefits of AWS Global Infrastructure?

Answer 24

• Security
• Availability
• Performance
• Global Footprint
• Scalability
• Flexibility

Question 25

Is AWS Identity & Access Management (AWS IAM) a global service?

Answer 25

Yes

Question 26

What is an IAM Policy?

Answer 26

Set of rules that define what actions user or system can/cannot do in cloud enviornment s/a which resources a person/application can access, what operations they can perform on those resources (s/a reading, writing, deleting).

A document defining what actions are allowed or denied

THEY ARE GLOBAL

Question 27

What is an IAM Role?

Answer 27

Set of permissions (policies) that can be temporarily assumed by user, application, or service to perform specific tasks.

A set of permissions that can be assumed

They are GLOBAL