Security and Compliance

Question 1

What is AWS Artifact?

Answer 1

A portal that provides compliance documents and agreements

Question 2

What services help provide Network security?

Answer 2

Shield, WAF and Network Firewall

Question 3

What is Cognito?

Answer 3

Allows web and mobile users to be IAM users

Question 4

How can a user investigate security issues or current suspicious activities?

Answer 4

Detective - note identifies cause of issue not identifies threat

Question 5

What is Config?

Answer 5

A tool to record configurations and changes over time helping to manage compliance

Question 6

What is Macie?

Answer 6

A tool that uses ML to discover and protect sensitive data

Question 7

What is Security Hub?

Answer 7

A dashboard for security and compliance acting as a hub for alerts and allowing the automation of security checks

Question 8

How might a AWS user get a history of API calls?

Answer 8

CloudTrail

Question 9

How might a AWS user protect against DDoS attacks?

Answer 9

Shield

Question 10

How might a AWS user protect incoming and outbound traffic for a VPC?

Answer 10

Network Firewall

Question 11

How might a user get access to compliance reports?

Answer 11

Artifact

Question 12

What is Audit Manager?

Answer 12

It allows the user to map user compliance requirements with usage data

Question 13

How can a user identify treats to security?

Answer 13

GuardDuty - note treats not issues

Question 14

What is Inspector?

Answer 14

A security assessment on EC2 instances and containers

Question 15

What is Cloud HSM?

Answer 15

HSM = Hardware Security Module - encryption hardware

Question 16

What are the different options offered by CMK?

Answer 16

CMK = Customer Master Key
Customer managed - own rotation policy + can bring own key
AWS managed
AWS owned - Multiple accounts and costumer can’t see key

Question 17

What does Certificate Manager do?

Answer 17

Set up SSL/TLS certificates - for encrypting and accessing HTTPS

Question 18

What is KMS

Answer 18

A AWS managed CMK

Question 19

For what services is KMS set up by default?

Answer 19

CloudTrail
S3 Glacier
Storage Gateway

Question 20

For what services is KMS an opt in?

Answer 20

EBS
S3
Redshift
RDS
EFS

Question 21

What is Control Tower?

Answer 21

Multi-account environment
Automate set-up and policy

Question 22

How can a AWS user observe and monitor AWS resources and trigger alarms when service limits are reached or exceeded?

Answer 22

CloudWatch

Question 23

What layer exploits does WAF protect against?

Answer 23

7

Question 24

Shield Advanced provides expanded DDoS attack protection for web applications running on resource?

Answer 24

Route 53

Question 25

What is Service Catalog?

Answer 25

Create and manage records of IT services approved for AWS use

Question 26

What is U2F

Answer 26

A hardware device for MFA it doesn’t require a code

Question 27

What code generating options are there in AWS for MFA?

Answer 27

Virtual Multi-Factor Authentication (MFA) device - software that can run on a physical device to gen a code
Hardware Multi-Factor Authentication (MFA) device - a hardware device to generate a code