Security Advance

Question 1

What is Symmetric encryption

Answer 1

Encryption key is given to end user for decryption; same key is used for encryption and decryption

Question 2

What is Asymmetric encryption

Answer 2

Public key is used for encryption and private key is used for decryption.data is encrypted using private key and it can only be decrypted using private key by end user.no private key is exchanged in this scenario

Question 3

Which encryption is good for local file storage encryption

Answer 3

Symmetric encryption

Question 4

Which encryption is used for file transfer

Answer 4

Asymmetric encryption

Question 5

What is STS?

Answer 5

Security token service generate temporary credentials for assume role functionality

Question 6

Which is used to control who can assume the role

Answer 6

Trust policy

Question 7

Can external Identity like Facebook access aws STS?

Answer 7

Yes as long as it is allowed in Trust policy

Question 8

If you role switch between AWS accounts does it use AWS STS?

Answer 8

Yes

Question 9

Assume Role AWS STS?

Answer 9

Yes

Question 10

Cross accounts access using role use AWS STS?

Answer 10

Yes

Question 11

All identity federation access use AWS STS?

Answer 11

Yes

Question 12

Do we get new temp credentials when we use AWS STS?

Answer 12

Yes

Question 13

How to revoke temp credentials issued by AWS STS with out affecting other users?

Answer 13

Add AWS Revoke Older Session inline policy which will deny any sessions older than now

Question 14

What is Steganography?

Answer 14

Hiding information in image

Question 15

Does permission boundary affect identity permission?

Answer 15

Yes

Question 16

Does permission boundary affect resource policy permission?

Answer 16

No

Question 17

Does permission boundary allow any access?

Answer 17

No it define max permission and identity can have. It act like a wall

Question 18

What will happen to permissions which are out side of permissions boundary?

Answer 18

Permission which are outside of permissions boundary will have no effect

Question 19

What are the multiple ways we can provide cross account access to S3

Answer 19

Bucket Policy
Access control policy
Assume Role using AWS STS

Question 20

If a user upload object in S3 using bucket Policy or access controller list does bucket owner have access to the s3 object?

Answer 20

No

Question 21

If a user upload object in S3 using assume Role with AWS STS does bucket owner have access to the s3 object?

Answer 21

Yes

Question 22

When we use Canonical user id?

Answer 22

When we use legacy permissions model

Question 23

Can we create one access control list for all S3 object?

Answer 23

No we have to create separate ACL for every object; we can’t apply one ACL to multiple objects

Question 24

Can we use bucket policy to provide access to individual objects?

Answer 24

No bucket policy provide access only to buckets

Question 25

Can we use ACL to provide access to s3 objects and bucket level permissions?

Answer 25

Yes

Question 26

Can SAML 2.0 directly access AWS console & CLI?

Answer 26

No it indirectly use on premise id to access AWS console & CLI

Question 27

Which credentials can directly access AWS console & CLI?

Answer 27

Only aws credentials can do direct access with console & CLI

Question 28

All enterprise Identity provider is compatible with SAML 2.0

Answer 28

Yes

Question 29

If you need access with AWS do we need SAML 2.0 comparability?

Answer 29

Yes

Question 30

If you have more than 5000 users which Identity federation is required?

Answer 30

SAML 2.0

Question 31

If GOOGLE FACEBOOK OR TWITTER is not comparable with SAML 2.0 can we use it to access AWS?

Answer 31

No

Question 32

How SAML 2.0 compatible Identity federation access AWS

Answer 32

Using IAM ROLE & AWS temp credentials

Question 33

AWS temp credentials are valid upto how many hrs?

Answer 33

12 Hrs

Question 34

Which service replace SAML 2.0 implementation?

Answer 34

AWS SSO

Question 35

AWS SSO manages access to all AWS service and external application?

Answer 35

Yes

Question 36

Any non aws identity need to be SAML 2.0 comparable to access AWS?

Answer 36

Yes

Question 37

SAML based identify federation use aws STS?

Answer 37

Yes

Question 38

If identity federation user access AWS console it is authenticated by identity federation and temp credentials are provided by AWS SSO end point or SAML Endpoint

Answer 38

Yes

Question 39

If identity federation app access AWS api it is authenticated by identity federation and temp credentials are provided by AWS IAM end point

Answer 39

Yes

Question 40

SAML 2.0 is replaced with?

Answer 40

AWS SSO

Question 41

What is the legacy service Used to support identify federation ?

Answer 41

SAML 2.0

Question 42

What is the latest service Used to support identify federation ?

Answer 42

AWS SSO

Question 43

Microsoft ADFS support aws sso?

Answer 43

Yes

Question 44

AWS SSO is free service?

Answer 44

Yes

Question 45

Can we create AWS SSO access for applications?

Answer 45

Yes

Question 46

Cognito user pool is used for?

Answer 46

Authentication

Question 47

Cognito identity pool is Used for ?

Answer 47

Authorization

Question 48

AWS Cognito is Used for

Answer 48

Web and mobile apps

Question 49

What does Cognito user pool provide after successfull login?

Answer 49

JWT TOKEN

Question 50

Can we use JWT TOKEN to access AWS resources?

Answer 50

Not all resources

Question 51

What does cognito identify pool provide?

Answer 51

Temp AWS credentials to access AWS resources

Question 52

Who gets guest access in conito identity pool?

Answer 52

Unauthenticated identity

Question 53

Can we use identity federation like fb to login cognito user pool?

Answer 53

Yea

Question 54

API GATEWAY accepts JWT?

Answer 54

Yes

Question 55

Can we use fb login and get access to aws resources using cognito identity pool?

Answer 55

Yea

Question 56

Can we use cogito user pool to get access to aws resources ?

Answer 56

No user pool is used only for authentication and identity pool is used for authorization

Question 57

What does Identity pool provide?

Answer 57

Temp credentials to access AWS resources

Question 58

Can we use AWS sso for web identification federation?

Answer 58

No AWS cognito

Question 59

Can we use AWS cognito for workplace authentication?

Answer 59

No AWS sso

Question 60

SCP is used for?

Answer 60

Restricting AWS accounts

Question 61

Where we can attach SCP?

Answer 61

Root account, Organization Unit, or individual AWS accounts

Question 62

If SCP is attached to OU does it affect all of its members accounts?

Answer 62

Yes

Question 63

SCP restrict management account?

Answer 63

No

Question 64

Which service is used for account permission boundary?

Answer 64

Service control policy

Question 65

Can SCP restrict Root user?

Answer 65

Yes

Question 66

Can we use SCP to grant permissions?

Answer 66

No

Question 67

If you need access to a service it should be allowed in?

Answer 67

SCP & IAM