Security And Compliance Flashcards
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?
1- EC2 private subnet, RDS public subnet
2- EC2 public subnet, RDS private subnet
3- EC2 and RDS single public subnet
4- EC2 and RDS single private subnet
EC2 public subnet, RDS private subnet
Which component can be used to establish a private dedicated connection between your company’s data center and AWS?
AWS Direct Connect
Which statement best describes security groups?
1- They are stateful and deny all inbound traffic by default
2- They are stateful and allow all inbound traffic by default
3- They are stateless and deny all inbound traffic by default
4- They are stateless and allow all inbound traffic by default
They are STATEFUL and DENY all inbound traffic by default
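The two properties in this answer (stateful, implicit inbound deny) are easy to state and easy to confuse with network ACLs, so here is a small simulator of how a security group evaluates traffic. This is an added illustration, not code from the page or from AWS; it models a new group as "no inbound rules, one allow-all outbound rule" and tracks connections by 5-tuple. All IP addresses, ports and the rule tuples are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One packet/connection attempt as seen from the instance."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class SecurityGroup:
    """Simplified stateful, allow-list-only filter modeled on an EC2 security group.

    A freshly created group has no inbound rules (so every unsolicited inbound
    flow is denied) and a single outbound rule that permits all traffic.
    Rules are (proto, port, cidr); proto "all" and port None act as wildcards.
    """
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=lambda: [("all", None, "0.0.0.0/0")])
    # Tracked connections keyed as (proto, initiator_ip, initiator_port,
    # responder_ip, responder_port). This is what makes the group stateful.
    _conntrack: set = field(default_factory=set, repr=False)

    @staticmethod
    def _rule_matches(rule, flow, remote_ip):
        proto, port, cidr = rule
        if proto != "all" and proto != flow.proto:
            return False
        if port is not None and port != flow.dport:
            return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(cidr)

    def allow_outbound(self, flow):
        # Reply to a connection that an outside host opened to us: always allowed.
        if (flow.proto, flow.dst, flow.dport, flow.src, flow.sport) in self._conntrack:
            return True
        if any(self._rule_matches(r, flow, flow.dst) for r in self.outbound):
            self._conntrack.add((flow.proto, flow.src, flow.sport, flow.dst, flow.dport))
            return True
        return False

    def allow_inbound(self, flow):
        # Reply to a connection the instance itself opened: allowed even though
        # no inbound rule exists for it (stateful behaviour).
        if (flow.proto, flow.dst, flow.dport, flow.src, flow.sport) in self._conntrack:
            return True
        # Otherwise the flow must match an explicit inbound allow rule.
        if any(self._rule_matches(r, flow, flow.src) for r in self.inbound):
            self._conntrack.add((flow.proto, flow.src, flow.sport, flow.dst, flow.dport))
            return True
        return False


def demo():
    """Walk a web instance through the typical cases; returns a dict of verdicts."""
    sg = SecurityGroup()
    web = "10.0.1.10"  # constructed instance address
    results = {}
    # Instance opens an HTTPS connection out: permitted by the default outbound rule.
    results["outbound_https"] = sg.allow_outbound(Flow(web, 40001, "203.0.113.50", 443))
    # The remote server's reply comes back in: admitted because the flow is tracked.
    results["https_reply"] = sg.allow_inbound(Flow("203.0.113.50", 443, web, 40001))
    # Unsolicited SSH from the internet hits the empty inbound rule set: denied.
    results["unsolicited_ssh"] = sg.allow_inbound(Flow("198.51.100.7", 5555, web, 22))
    # Add a least-privilege inbound rule: SSH only from inside the VPC CIDR.
    sg.inbound.append(("tcp", 22, "10.0.0.0/16"))
    results["ssh_from_vpc"] = sg.allow_inbound(Flow("10.0.2.5", 5556, web, 22))
    results["ssh_from_internet"] = sg.allow_inbound(Flow("198.51.100.7", 5557, web, 22))
    # The instance's reply to the VPC-internal SSH session goes out regardless of outbound rules.
    sg.outbound.clear()
    results["ssh_reply_out"] = sg.allow_outbound(Flow(web, 22, "10.0.2.5", 5556))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} {'ALLOW' if verdict else 'DENY'}")
```

The model deliberately ignores details a real security group has (rule references to other groups, ICMP types, the implicit allow of all intra-group traffic when a group references itself); the point it shows is that return traffic needs no inbound rule while any new inbound connection does.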
Which component is used to connect a VPC to the internet?
Internet Gateway
What is an IAM policy?
A document that grants/denies permissions to AWS services and resources
An employee requires temporary access to create several S3 buckets. Which security/permissions option would be the best choice for this task?
IAM role
What is the principle of least privilege?
Granting only the permissions that are needed to perform specific tasks, and nothing more
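The three cards above (what a policy is, using a role for temporary access, least privilege) come together in one concrete artifact. The following is an added worked example, not material from the page or an AWS-published policy: a least-privilege identity policy for the "create several S3 buckets" task, the trust policy that lets one user assume a temporary role carrying it, and a small evaluator implementing the IAM default-deny / explicit-deny-wins rule so the policy can be checked offline. The account ID and user name are placeholders, and the evaluator ignores conditions, SCPs and resource-based policies.

```python
import fnmatch
import json

# Identity policy for the temporary role. It grants only what the task needs
# (creating buckets and listing them to confirm) and carries an explicit Deny
# on deletion as a guard rail. Constructed for this example.
CREATE_BUCKETS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBucketCreation",
            "Effect": "Allow",
            "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"],
            "Resource": "*",
        },
        {
            "Sid": "NeverDeleteBuckets",
            "Effect": "Deny",
            "Action": "s3:DeleteBucket",
            "Resource": "*",
        },
    ],
}

# Trust policy for the role: only the named user may call sts:AssumeRole.
# "123456789012" and "alice" are placeholders, not real identifiers.
TEMP_ROLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:user/alice"},
            "Action": "sts:AssumeRole",
        }
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource="*"):
    """Simplified IAM evaluation for one identity policy.

    Rules applied: everything is denied by default; a matching Allow grants
    the action; a matching explicit Deny wins over any Allow regardless of
    statement order. Actions compare case-insensitively, resources case-
    sensitively, and '*' / '?' behave as IAM wildcards.
    """
    allowed = False
    for stmt in policy["Statement"]:
        action_match = any(
            fnmatch.fnmatchcase(action.lower(), pattern.lower())
            for pattern in _as_list(stmt["Action"])
        )
        resource_match = any(
            fnmatch.fnmatchcase(resource, pattern)
            for pattern in _as_list(stmt["Resource"])
        )
        if not (action_match and resource_match):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny: stop immediately
        allowed = True
    return allowed


def policy_json(policy):
    """Render the policy as the JSON document you would attach to the role."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_json(CREATE_BUCKETS_POLICY))
    for act in ("s3:CreateBucket", "s3:DeleteBucket", "s3:PutObject", "ec2:RunInstances"):
        print(f"{act:20s} -> {'ALLOW' if is_allowed(CREATE_BUCKETS_POLICY, act) else 'DENY'}")
```

Because the role is assumed rather than permanently attached to the user, the credentials expire with the session, which is what makes it the right choice for a temporary task; the evaluator is only there to let you reason about a policy before attaching it, not a replacement for the IAM policy simulator.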
Which service helps protect your applications against DDoS attacks?
AWS Shield: as network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.
What does AWS Key Management Service (KMS) do?
It enables you to create, manage, and use cryptographic keys, and to perform encryption operations with them.
Which TWO actions can you perform using Amazon CloudWatch?
1- Monitor your resources’ utilization and performance
2- Receive real-time guidance for improving your AWS environment
3- Compare your infrastructure to AWS best practices in five categories
4- Access metrics from a single dashboard
5- Automatically detect unusual account activity
Monitor your resources’ utilization and performance
Access metrics from a single dashboard
Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?
AWS Trusted Advisor: a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, among them a check for S3 buckets with open access permissions.
What are the FIVE categories included in the Trusted Advisor dashboard?
COST OPTIMIZATION
PERFORMANCE: checks for high-utilization EC2 instances, provides recommendations for how to take advantage of provisioned throughput
SECURITY: checks that help you to review your permissions and identify which AWS security features to enable
FAULT TOLERANCE: checks to help you improve your applications’ availability and redundancy
SERVICE LIMITS
Which perspective of the AWS Cloud Adoption Framework helps you structure the selection and implementation of permissions?
1- Governance
2- Security
3- Operations
4- Business
Security
Which service enables you to review details for user activities and API calls that have occurred within your AWS environment?
AWS CloudTrail
What is Amazon GuardDuty?
A service that provides intelligent threat detection for your AWS infrastructure and resources by continually monitoring the network activity and account behavior within your AWS environment.