Security and Compliance Flashcards

1
Q

AWS Command Line Interface (CLI)

A

allows you to access resources in your AWS account through a terminal or command window. Access keys are needed when using the CLI and can be generated using IAM

USER>SSH Client on laptop>EC2 Instance
SSH uses a key pair: the user's private key on the laptop is checked against the user's public key stored on the instance

2
Q

EC2 Groups Vs. IAM Groups

A

EC2 security groups act as firewalls

IAM groups are collections of users

3
Q

Roles

A

Roles define access permissions and are temporarily assumed by an IAM user or service

  • You assume a role to perform a task in a single session
  • Access is assigned using policies

Roles help you avoid sharing long term credentials like access keys and protect your instances from unauthorized access

EC2 Instance> S3 Bucket Upload> S3

4
Q

Policies

A

Manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it.

User + POLICY (JSON) + RDS

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "rds:*",
      "Effect": "Allow",
      "Resource": [...]
    }
  ]
}
5
Q

IAM Credential Report

A

Lists all users in your account and the status of their various credentials

Lists all users and status of passwords, access keys and MFA devices

Used for auditing and compliance

6
Q

Web Application Firewall (WAF)

A

Helps protect your web applications against common web attacks

  • Protects apps against common attack patterns
  • Protects against SQL injection
  • Protects against cross-site scripting
7
Q

Shield

A

Managed Distributed Denial of Service (DDoS) protection service

  • Always-on detection
  • Shield standard is free
  • Shield Advanced is a paid service
8
Q

Shield Standard Vs. Shield Advanced

A

Standard - Provides free protection against common and frequently occurring attacks

Advanced - Provides enhanced protections and 24/7 access to AWS experts for a fee

9
Q

Shield Advanced is supported on several services

A
  • CloudFront
  • Route 53
  • Elastic Load Balancing
  • AWS Global Accelerator
10
Q

Macie

A

Helps you discover and protect sensitive data

  • Uses machine learning
  • Evaluates S3 environment
  • Uncovers personally identifiable information (PII)
11
Q

Config

A

Allows you to assess, audit, and evaluate the configurations of your resources

  • Track configuration changes over time
  • Delivers configuration history file to S3
  • Notifications via Simple Notification Service (SNS) of every configuration change
12
Q

GuardDuty

A

Is an intelligent threat detection system that uncovers unauthorized behavior

  • Uses machine learning
  • Built-in detection for EC2, S3, and IAM
  • Reviews CloudTrail, VPC Flow Logs, and DNS logs
13
Q

Inspector

A

Works with EC2 instances to uncover and report vulnerabilities

  • Agent installed on EC2 Instance
  • Reports vulnerabilities found
  • Checks access from the internet, remote root login, vulnerable software versions, etc.
14
Q

Artifact

A

Offers on-demand access to AWS security and compliance reports

  • Central repository for compliance reports from third-party auditors
  • Service Organization Controls (SOC) reports
  • Payment Card Industry (PCI) reports
15
Q

Cognito

A

Helps you control access to mobile and web applications

  • Provides authentication and authorization
  • Helps you manage users
  • Assists with user sign-up and sign-in
16
Q

Key Management Service (KMS)

A

Allows you to generate and store encryption keys

  • Key generator
  • Store and control keys
  • AWS manages encryption keys
  • Automatically enabled for certain services (CloudTrail Logs, S3 Glacier, Storage Gateway)
17
Q

CloudHSM

A

Hardware security module (HSM) used to generate encryption keys

  • Dedicated hardware for security
  • Generate and manage your own encryption keys
  • AWS does not have access to your keys
18
Q

Secrets Manager

A

Allows you to manage and retrieve secrets (passwords or keys)

  • Rotate, manage, and retrieve secrets
  • Encrypts secrets at rest (using encryption keys that you own and that are stored in KMS)
  • Integrates with services like RDS, Redshift, and DocumentDB
19
Q

Which service protects your web application from cross-site scripting attacks?

Amazon Inspector

AWS Shield

Amazon Macie

AWS Web Application Firewall (WAF)

A

AWS Web Application Firewall (WAF)

WAF helps protect your web applications from common web attacks, like SQL injection or cross-site scripting.

20
Q

Which of the following are considered IAM best practices?

Choose 2

Use access keys to manage EC2 applications.

Enable multi-factor authentication (MFA) for administrative accounts as well as the root user.

Use the root account for daily administrative tasks.

Implement strong password policies.

A

Enable multi-factor authentication (MFA) for administrative accounts as well as the root user.

Implement strong password policies.

21
Q

Which service has a feature that can assist with compliance and auditing by offering a downloadable report that provides the status of passwords and MFA devices in your account?

AWS Secrets Manager

AWS Artifact

AWS Systems Manager

AWS Identity and Access Management (IAM)

AWS Trusted Advisor

A

AWS Identity and Access Management (IAM)

IAM provides a downloadable credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices.

22
Q

What is the role of CloudHSM?

It will allow all users to view and access encryption keys.

Its role is to easily create and use your own encryption keys.

It is software used for encryption key management.

Its role is to manage and retrieve passwords or keys.

A

Its role is to easily create and use your own encryption keys.

AWS CloudHSM enables you to easily create and use your own encryption keys on the AWS Cloud.

23
Q

In the AWS shared responsibility model, what is AWS not responsible for?

Choose 3

Setting permissions for objects stored in Amazon S3

Amazon Relational Database Service (RDS) database backups

Decommissioning storage devices that have reached the end of life

Amazon Elastic Block Store (EBS) snapshots

Backup power generators

AWS Lambda language versions

A

Setting permissions for objects stored in Amazon S3

Amazon Relational Database Service (RDS) database backups

Amazon Elastic Block Store (EBS) snapshots

24
Q

Which service can integrate with a Lambda function to automatically take remediation steps when it uncovers suspicious network activity when monitoring logs in your AWS account?

Amazon GuardDuty

AWS Systems Manager

Amazon Inspector

AWS CloudTrail

A

Amazon GuardDuty

GuardDuty can perform automated remediation actions by leveraging Amazon CloudWatch Events and AWS Lambda. GuardDuty continuously monitors for threats and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. GuardDuty analyzes multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs.

25
Q

Which service allows you to generate encryption keys managed by AWS?

AWS Key Manager (KM)

AWS Key Management Service (KMS)

AWS CloudHSM

AWS Identity and Access Management (IAM)

A

AWS Key Management Service (KMS)

KMS allows you to generate and manage encryption keys. The keys generated by KMS are managed by AWS.

26
Q

Which service allows you to locate credit card numbers stored in Amazon S3?

Amazon Comprehend

Amazon Rekognition

Amazon Macie

Amazon Inspector

A

Amazon Macie

Macie is a data privacy service that helps you uncover and protect your sensitive data, such as personally identifiable information (PII) like credit card numbers, passport numbers, social security numbers, and more.

27
Q

Which service allows you to record software configuration changes within your Amazon EC2 instances over time?

AWS Config

AWS Systems Manager

AWS Trusted Advisor

AWS Inspector

A

AWS Config

Config helps with recording compliance and configuration changes over time for your AWS resources.

28
Q

In the shared responsibility model, what is the customer responsible for?

Choose 2

Patching the host operating system (OS)

Cloud infrastructure

Patching the guest operating system (OS)

Firewall configuration and application security

A

Patching the guest operating system (OS)

Firewall configuration and application security

29
Q

Which of the following are tasks that only the root user can complete?

Choose 2

Launch EC2 instances.

Change the account name and email address.

Modify your support plan.

Configure databases.

A

Change the account name and email address.

Modify your support plan.

30
Q

Select the FALSE statement regarding the pillars of the AWS Well-Architected Framework.

The Cost Optimization pillar enables the ability to run systems to deliver business value at the lowest price point by utilizing a capital expenditures (CAPEX) model.

The Security pillar enables the ability to protect data, systems, and assets to improve your cloud security.

The Performance Efficiency pillar enables the ability to use computing resources efficiently as demand and technology changes.

The Operational Excellence pillar enables the ability to support development, run workloads effectively, gain operational insights, and improve supporting processes and procedures.

A

The Cost Optimization pillar enables the ability to run systems to deliver business value at the lowest price point by utilizing a capital expenditures (CAPEX) model.

The Cost Optimization pillar does enable the ability to run systems to deliver business value at the lowest price point. However, it favors the operating expenses (OPEX) model, rather than the capital expenditures (CAPEX) model.

31
Q

How do you manage permissions for multiple users at once using AWS Identity and Access Management (IAM)?

Roles

Groups

Policies

EC2 security groups

A

Groups

An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.

32
Q

Which service allows you to create access keys for someone needing to access AWS via the command line interface (CLI)?

Amazon Cloud Directory

AWS Secrets Manager

AWS Identity and Access Management (IAM)

AWS Security Hub

A

AWS Identity and Access Management (IAM)

IAM allows you to create users and generate access keys for users needing to access AWS via the CLI.

33
Q

Which service helps you control access to mobile and web applications?

Cognito

Macie

Shield

IAM

A

Cognito

Cognito helps you control access to mobile and web applications.

34
Q

Which of the following are pillars of the AWS Well-Architected Framework? (Choose 3.)


Environmental Responsibility Pillar

Security pillar

Operational excellence pillar

Cost optimization pillar

A

Security pillar

Operational excellence pillar

Cost optimization pillar