Security and Compliance Flashcards
Managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
AWS Shield
A web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources
AWS WAF
Service that lets you create, manage, and control cryptographic keys across your applications and more than 100 AWS services
Amazon Key Management Service (KMS)
Service that lets you manage and access your keys on FIPS-validated hardware, protected with customer-owned, single-tenant HSM instances that run in your own Virtual Private Cloud (VPC).
AWS CloudHSM
A service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources
AWS Certificate Manager
Central resource for compliance-related information
AWS Artifact
A threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. The service checks VPC, DNS, and CloudTrail logs.
AWS GuardDuty
An automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure
AWS Inspector
A service that enables you to assess, audit, and evaluate the configurations of your AWS resources
AWS Config
Data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect sensitive data
Amazon Macie
Service that monitors and records account API activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions
AWS CloudTrail
Service that provides you with a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices
AWS Security Hub
Service that automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations
Amazon Detective
What are the behaviors considered AWS abuse?
Spam
Port scanning
Denial-of-service (DoS) attacks
Intrusion attempts
Hosting prohibited content
Distributing malware
What are the actions exclusively permitted to the root user account?
Change account settings
Close AWS account
Change or cancel your AWS support plan
Register as a seller in the Reserved Instance Marketplace