Security Flashcards

1
Q

What is the AWS Abuse team?

A

Team to be contacted when AWS resources are being used for abusive behavior.

2
Q

What is the AWS Security team?

A

AWS team responsible for security of services offered by AWS.

3
Q

IAM Group vs Security Group

A

An IAM Group is a group of users with similar permissions.

A Security Group is established on an EC2 instance to control network traffic.

4
Q

What is a NACL or ACL?

A

Network Access Control List – an optional layer of security for a VPC that acts as a firewall at the subnet level.

5
Q

What are Route Tables?

A

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

6
Q

What do Security Groups do?

A

Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

7
Q

What is the AWS Shared Responsibility Model?

A

A security model that defines what you (as an AWS account holder/user) and Amazon Web Services are responsible for when it comes to security and compliance.

AWS is responsible for security of the cloud, you are responsible for security in the cloud.

8
Q

What aspects of Security and Compliance is AWS responsible for in the Shared Responsibility Model?

A

Components from the host operating system and the virtualization layer down to the physical security of the facilities in which the service operates.

9
Q

What aspects of Security and Compliance are you responsible for in the Shared Responsibility Model?

A

Guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS-provided security group firewall.

10
Q

How would the Shared Responsibility Model apply to an EC2 instance?

A

AWS is responsible for:

  1. The setup and maintenance of the physical hardware located at each AWS data center
  2. The physical security of the data centers (locks, keys, security guards, etc.)
  3. The setup and maintenance of the host virtualization software

You are responsible for:

  1. Network-level security (security groups & NACLs)
  2. OS patches and updates
  3. IAM user access management
  4. Client- and server-side data encryption

11
Q

What are the AWS services with built-in DDoS attack protection/mitigation?

A

  1. CloudFront
  2. Route 53
  3. WAF (Web Application Firewall)
  4. Elastic Load Balancing
  5. Security groups & VPCs

12
Q

What services are customers allowed to carry out security assessments/pen tests on with no prior approval required?

A

  1. Amazon EC2 instances, NAT gateways, and ELBs
  2. RDS
  3. CloudFront
  4. Aurora
  5. API gateways
  6. Lambda & Lambda Edge functions
  7. Lightsail resources
  8. Elastic Beanstalk environments

13
Q

What are the currently prohibited security activities?

A

  1. DNS zone walking via Route 53 hosted zones
  2. DoS, DDoS, simulated DoS, simulated DDoS
  3. Port flooding
  4. Protocol flooding
  5. Request flooding (login request flooding, API request flooding)