Security and Compliance Flashcards
What is AWS Artifact?
A portal that provides compliance documents and agreements
What services help provide Network security?
Shield, WAF and Network Firewall
What is Cognito?
Allows web and mobile users to be IAM users
How can a user investigate security issues or current suspicious activities?
Detective - note: identifies the cause of an issue, does not identify the threat
What is Config?
A tool to record configurations and changes over time helping to manage compliance
What is Macie?
A tool that uses ML to discover and protect sensitive data
What is Security Hub?
A dashboard for security and compliance acting as a hub for alerts and allowing the automation of security checks
How might an AWS user get a history of API calls?
CloudTrail
How might an AWS user protect against DDoS attacks?
Shield
How might an AWS user protect incoming and outbound traffic for a VPC?
Network Firewall
How might a user get access to compliance reports?
Artifact
What is Audit Manager?
It allows the user to map user compliance requirements with usage data
How can a user identify threats to security?
GuardDuty - note: threats, not issues
What is Inspector?
A security assessment on EC2 instances and containers
What is Cloud HSM?
HSM = Hardware Security Module - encryption hardware
What are the different options offered by CMK?
CMK = Customer Master Key
Customer managed - own rotation policy + can bring own key
AWS managed
AWS owned - Multiple accounts and customer can’t see key
What does Certificate Manager do?
Set up SSL/TLS certificates - for encrypting and accessing HTTPS
What is KMS?
An AWS managed CMK
For what services is KMS set up by default?
CloudTrail
S3 Glacier
Storage Gateway
For what services is KMS an opt in?
EBS
S3
Redshift
RDS
EFS
What is Control Tower?
Multi-account environment
Automate set-up and policy
How can an AWS user observe and monitor AWS resources and trigger alarms when service limits are reached or exceeded?
CloudWatch
At what layer does WAF protect against exploits?
7
Shield Advanced provides expanded DDoS attack protection for web applications running on which resource?
Route 53
What is Service Catalog?
Create and manage records of IT services approved for AWS use
What is U2F?
A hardware device for MFA; it doesn’t require a code
What code generating options are there in AWS for MFA?
Virtual Multi-Factor Authentication (MFA) device - software that can run on a physical device to generate a code
Hardware Multi-Factor Authentication (MFA) device - a hardware device to generate a code