Security and Compliance Flashcards

1
Q

What is AWS Artifact?

A

A portal that provides compliance documents and agreements

2
Q

What services help provide network security?

A

Shield, WAF and Network Firewall

3
Q

What is Cognito?

A

Allows web and mobile users to be IAM users

4
Q

How can a user investigate security issues or current suspicious activities?

A

Detective - note: identifies the cause of an issue, not the threat

5
Q

What is Config?

A

A tool to record configurations and changes over time helping to manage compliance

6
Q

What is Macie?

A

A tool that uses ML to discover and protect sensitive data

7
Q

What is Security Hub?

A

A dashboard for security and compliance acting as a hub for alerts and allowing the automation of security checks

8
Q

How might an AWS user get a history of API calls?

A

CloudTrail

9
Q

How might an AWS user protect against DDoS attacks?

A

Shield

10
Q

How might an AWS user protect incoming and outbound traffic for a VPC?

A

Network Firewall

11
Q

How might a user get access to compliance reports?

A

Artifact

12
Q

What is Audit Manager?

A

It allows the user to map user compliance requirements with usage data

13
Q

How can a user identify threats to security?

A

GuardDuty - note: threats, not issues

14
Q

What is Inspector?

A

A security assessment on EC2 instances and containers

15
Q

What is Cloud HSM?

A

HSM = Hardware Security Module - encryption hardware

16
Q

What are the different options offered by CMK?

A

CMK = Customer Master Key
Customer managed - own rotation policy + can bring own key
AWS managed
AWS owned - Multiple accounts and customer can’t see key

17
Q

What does Certificate Manager do?

A

Set up SSL/TLS certificates - for encrypting and accessing HTTPS

18
Q

What is KMS?

A

An AWS managed CMK

19
Q

For what services is KMS set up by default?

A

CloudTrail
S3 Glacier
Storage Gateway

20
Q

For what services is KMS an opt in?

A

EBS
S3
Redshift
RDS
EFS

21
Q

What is Control Tower?

A

Multi-account environment
Automate set-up and policy

22
Q

How can an AWS user observe and monitor AWS resources and trigger alarms when service limits are reached or exceeded?

A

CloudWatch

23
Q

What layer exploits does WAF protect against?

24
Q

Shield Advanced provides expanded DDoS attack protection for web applications running on which resources?

25
Q

What is Service Catalog?

A

Create and manage records of IT services approved for AWS use

26
Q

What is U2F?

A

A hardware device for MFA; it doesn't require a code

27
Q

What code-generating options are there in AWS for MFA?

A

Virtual Multi-Factor Authentication (MFA) device - software that can run on a physical device to generate a code
Hardware Multi-Factor Authentication (MFA) device - a hardware device to generate a code