Security Flashcards

1
Q

What does IAM stand for?

A

Identity and Access Management

2
Q

What is the main function of IAM?

A

To securely control access to AWS services and resources.

3
Q

What are the core components of IAM?

A

Users, Groups, Roles, and Policies.

4
Q

What is an IAM user?

A

A person or application within your organization that needs access to AWS resources.

5
Q

What is an IAM group?

A

A collection of IAM users that makes it easier to manage permissions for multiple users at once.

6
Q

What is an IAM role?

A

Used to grant permissions to entities that you trust, like AWS services, applications, or other AWS accounts.

7
Q

What is an IAM policy?

A

A JSON document that defines permissions for an IAM entity (user, group, or role).

8
Q

What are the two types of IAM policies?

A

Inline policies (attached directly to an entity) and managed policies (standalone policies that can be attached to multiple entities).

9
Q

What are the key elements of an IAM policy statement?

A

Effect (Allow/Deny), Action (the specific actions allowed or denied), Resource (the resources the actions apply to), Condition (optional conditions for when the policy applies).

10
Q

What is the purpose of IAM Access Analyzer?

A

To help you identify resources that are shared with external entities, aiding in implementing least privilege.

11
Q

What is an IAM Password Policy?

A

A set of rules that define password complexity requirements for IAM users (e.g., minimum length, required character types, password expiration).

12
Q

Why is it important to enforce a strong IAM Password Policy?

A

To improve the security of your AWS account and protect against unauthorized access.

13
Q

What is KMS?

A

Key Management Service - a service for creating and managing encryption keys.

14
Q

What are the two main types of KMS keys?

A

Symmetric and asymmetric.

15
Q

What is a symmetric KMS key?

A

A single key used for both encryption and decryption.

16
Q

What is an asymmetric KMS key?

A

A key pair with a public key for encryption and a private key for decryption.

17
Q

What is a KMS key policy?

A

A policy that defines who can manage and use the KMS key.

18
Q

What is key rotation in KMS?

A

The process of generating a new cryptographic key and replacing the old one.

19
Q

Why is key rotation important?

A

It helps to reduce the impact of a compromised key.

20
Q

What is the Principle of Least Privilege?

A

Granting only the permissions required to perform a task.

21
Q

What is data masking?

A

Obfuscating sensitive data, such as masking part of a credit card number.

22
Q

What is data anonymization?

A

Techniques to make it difficult to identify individuals from data.

23
Q

What is key salting?

A

Adding a random value to data before hashing to protect against rainbow table attacks.

24
Q

What is encryption in flight?

A

Encrypting data as it is transmitted over a network.

25
Q

What is encryption at rest?

A

Encrypting data while it is stored.

26
Q

What are some common encryption techniques used in AWS?

A

TLS/SSL, KMS, client-side encryption.

27
Q

What is a VPC?

A

Virtual Private Cloud - a logically isolated section of the AWS cloud.

28
Q

What are subnets?

A

Segments of a VPC that are specific to an Availability Zone.

29
Q

What is an Internet Gateway?

A

A component that allows resources in your VPC to connect to the internet.

30
Q

What is a NAT Gateway?

A

Allows instances in a private subnet to connect to the internet without exposing them to incoming traffic.

31
Q

What are Security Groups?

A

Act as a virtual firewall for your EC2 instances to control inbound and outbound traffic.

32
Q

What are Network ACLs?

A

Stateless rules that control traffic at the subnet level.

33
Q

What is VPC Peering?

A

Connecting two VPCs privately.

34
Q

What are VPC Endpoints?

A

Allowing private connections to AWS services within your VPC.

35
Q

What is DNS?

A

Domain Name System - translates domain names into IP addresses.

36
Q

What is Amazon Route 53?

A

A highly available and scalable DNS web service.

37
Q

What is Amazon CloudFront?

A

A content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.

38
Q

What is Amazon CloudWatch?

A

A monitoring and observability service.

39
Q

What are CloudWatch metrics?

A

Variables that represent the performance of AWS resources.

40
Q

What are CloudWatch Logs?

A

Logs that capture events and information from various sources.

41
Q

What are CloudWatch Alarms?

A

Notifications triggered when a metric breaches a defined threshold.

42
Q

What is AWS CloudTrail?

A

A service that records AWS API calls for your account and delivers log files to you.

43
Q

What is AWS Macie?

A

A data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

44
Q

What is AWS Secrets Manager?

A

A service for securely storing and managing secrets, such as database credentials, API keys, and other sensitive information.

45
Q

What is AWS WAF (Web Application Firewall)?

A

A web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.

46
Q

What is AWS Shield?

A

A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

47
Q

What is AWS Config?

A

A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

48
Q

What is AWS CloudFormation?

A

A service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

49
Q

What is AWS SSM Parameter Store?

A

A secure, hierarchical storage service for configuration data and secrets management.