Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Certified cloud practicioner > Security and Compliance > Flashcards

Security and Compliance Flashcards

1
Q

What is AWS Shield Standard

A

Protects against DDOS attack for your website and apps for all customers at no additional costs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is AWS Shield Advanced

A

24/7 premium DDoS protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is AWS WAF

A

Filter specific requests based on rules

Protects your web apps from common web exploits (Layer 7)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When it comes to penetration Testing on your AWS Cloud what can you not do

A 
DNS zone walking via AWS Route 53 Hosted zones 
DOS , DDOS, attacks 
Port flooding 
Protocol flooding 
Request flooding
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What type of services can do pentests on

A 
EC2
RDS
CLoudFront
Aurora
API gateways
Lambda and edge
Lightsail
Elastic Beanstalk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does it mean when data is at rest

A

Data is stored or archived on a device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does it mean when data is in transit

A

data being moved from one location to another

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is AWS KMS

A

Key Management Service

AWS manages the encryption keys for us

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Cloud HSM

A

AWS provides encryption to us by a HSM - Hardware Security Module
You manage your own encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is AWS Certificate Manager (ACM)

A

Lets you easily provision, manage, and deploy SSL/TLS Certificates
Used to provide in-flight encryption for websites (HTTPS)
Supports both public and private TLS certificates
Free of charge for public TLS certificates
Automatic TLS certificate renewal
Intergrations with (Load TLS certificates on)
-Elastic Load balancers
CloudFront Distros
APIs on API Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Secrets Manager

A 
Meant for storing secrets
Force rotation of secrets every X days 
Automate generation of secrets on rotation (uses Lambda)
Intergration with Amazon RDS 
Secrets are encrypted using KMS
Mostly meant for RDS intergration
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is AWS Artifact

A

Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is AWS Gaurd Duty

A

Intelligent Threat discovery to protect AWS account
Uses Machine Learning algorithms, anomaly detection
30 day free trial

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the input data of AWS gaurd duty

A

CloudTrail Logs: unusual API calls, unauthorized deployments
VPC Flow Logs: unusual internal traffic, unusal IP address
DNS Logs: comprised EC2 instances sending encoded data within DNS queries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is AWS Inspector

A

Provides Automated Security Assessments for EC2 instances
Analyze the running OS against known vulnerabilities
Analyze against unintended network accessibility
AWS Inspector Agent must be installed on OS in EC2 instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is AWS Config

A

Helps with auditing and recording compliance of your AWS resources
record config and changes over time

17
Q

What kind of questions can be solved with AWS Config

A

Is there unrestricted SSH access to my security group?
Do my buckets have any public access?
How has my ALB config changed over time

18
Q

What is AWS Macie

A

A fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
Helps identify and alert you to sensitve data, such as personally identifiable info (PII)

19
Q

What is AWS Security Hub

A

Central security tool to manage security across several AWS accounts and automate security checks

20
Q

What is AWS Detective

A

analyze, investigates, and quickly identifies the root cause of security issues or sus activities from VPC Flow Logs, CloudTrail, GaurdDuty and create a unified view

21
Q

What is AWS Abuse

A

Report suspected AWS resources used for abusive or illegal purposes

22
Q

What things can only the root user do

A 
Change account settings 
Close Your AWS account 
Restore IAM user permissions
Change or cancel your AWS Support plan 
Register as a seller in the reserved instance Marketplace 
Config a S3 bucket to enable MFA

AWS Certified cloud practicioner (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions