Security and Compliance

Question 1

What are AWS responsibilities in their shared responsibility model?

Answer 1

a. AWS global infrastructure
b. Building security
c. Networking components
d. Software

Question 2

What are customer responsibilities in the AWS shared responsibility model?

Answer 2

a. Application data
b. Security configuration
c. Patching
d. Responsible for the guest operating system, which includes updates and security patches
e. Identity and access management
f. Network traffic
g. Installed software

Question 3

Who do you contact to report abuse of AWS resources?

Answer 3

AWS Trust & Safety team

Question 4

What are the 5 pillars of the AWS Well-Architected Framework?

Answer 4

1. Operational excellence
2. Security
3. Reliability
   4 . Performance efficiency
4. Cost optimization

Question 5

What are permissions of a root user?

Answer 5

Can close your account, change email address, and modify your support plan

Question 6

What is an IAM policy?

Answer 6

Manages permissions of IAM users, groups and roles by creating a policy document in JSON format

Question 7

What is AWS WebApp Firewall (WAF)?

Answer 7

Helps protect your web apps against common web attacks such as cross-site scripting attacks and SQL injection

Question 8

What is AWS Shield?

Answer 8

i. Managed DDoS protection service
ii. Always-on detection
iii. The standard version of Shield is free. Provides free protection against common and frequently occurring attacks
iv. Shield Advanced is a premium service: Advanced provides enhanced protections and 24/7 access to AWS experts for free. Integrated with other services such as AWS CloudFront, Route 53, and ELB

Question 9

Which AWS services is supported by AWS Shield Advanced?

Answer 9

CloudFront, Route 53, Elastic Load Balancing, and AWS Global Accelerator

Question 10

What is AWS Macie?

Answer 10

Helps you discover and protect sensitive data.

i. Uses machine learning
ii. Evaluates S3 environments
iii. Uncovers personally identifiable information

Question 11

What is AWS Config?

Answer 11

Allows you to assess, audit, and evaluate the configurations of your resources.

a. Tracks config changes over time
b. Delivers config history file to S3
c. Notifications via SNS of every config change

Question 12

What is AWS GuardDuty?

Answer 12

a. Is an intelligent threat detection system that uncovers unauthorized behavior
b. Uses machine learning
c. Built in detection for EC2, S3, and IAM
d. Reviews CloudTrail, VPC flow logs, and DNS logs

Question 13

What is AWS Inspector?

Answer 13

a. Works with EC2 instances to uncover and report vulnerabilities. Only works with EC2 instances
b. Agent installed on EC2 instance
c. Reports vulnerabilities found
d. Checks access from the internet, remote root login, vulnerable and software version

Question 14

What is AWS Artifact?

Answer 14

a. Offers on-demand access to AWS security and compliance reports
b. Central repository for compliance reports from third party auditors
c. SOC2 reports and PCI reports
d. Lets you review, accept, and manage agreements with AWS

Question 15

What is AWS Keys Management Service (KMS)?

Answer 15

a. Allows you to generate, control, and store encryption keys
b. AWS manages encryption keys
c. Automatically enabled for certain services

Question 16

What is AWS CloudHSM (Hardware Security Module)?

Answer 16

a. Hardware security model used to generate encryption keys
b. Dedicated hardware for security
c. Generate and manage your own keys
d. AWS does not have access to customer’s keys

Question 17

What is AWS Secrets Manager?

Answer 17

a. Allows you to manage and retrieve secrets (passwords or keys)
b. Rotate, manage, and retrieve secretes like DB credentials, API keys, and passwords
c. Encrypt secrets at rest
d. Integrated with services like RDS, RedShift, and DocumentDB