Security and Compliance Flashcards

1
Q

Shared Responsibility of Infrastructure Services

A

Most consumer responsibility, customers responsible “in cloud” vs “of cloud”
Customer: Data, platform/app/identity management, OS/network/firewall config, client/server encryption, network traffic protection
AWS: Foundation services (storage, compute, network, database), Global Infrastructure

2
Q

Shared Responsibility of Container Services (RDS, EMR, Beanstalk)

A

Balanced responsibility
Customer: Customer data encryption/integrity, network traffic protection, firewall config
AWS: Platform/app management, OS/network config, foundation services, global infrastructure

3
Q

Shared Responsibility of Abstract Services (S3, DynamoDB, Glacier, SQS)

A

Most AWS responsibility
Customer: customer data, client-side data encryption
AWS: Network traffic protection, server-side encryption, platform/app management, OS/network config, foundation services, global infrastructure

4
Q

AWS Compliance Program

A

Helps customers understand the robust controls in place at AWS to maintain security and compliance of the cloud, by tying together governance-focused, audit-friendly service features with applicable compliance or audit standards

5
Q

Encryption of Data in Transit

A

Data actively moving from one location to another such as across the internet or through a private network
Uses Transport Layer Security (TLS) and Certificate Managers

6
Q

Encryption of Data at Rest

A

Data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way
Uses KMS and Amazon CloudHSM

7
Q

Federated Access

A

User who can access secure AWS account resources using an external identity provider, such as Login with Amazon, Facebook, or Google

8
Q

HIPAA

A

Standard required for storage of medical records in the US

9
Q

AWS Abuse Team

A

Responsible for protecting AWS customers from various types of abuse, including spam, phishing, and other malicious activities

10
Q

CLI

A

A command-line interface, a text-based user interface (UI) used to interact with a computer operating system

10
Q

AWS Risk and Compliance Program

A

Manages risk in all phases of service design and deployment and continually improves and reassesses the organization’s risk-related activities
Components include information security, risk management, and control environment

11
Q

SDK

A

A software development kit, a set of software-building tools for a specific platform, including building blocks, debuggers, and sometimes a framework or group of code libraries

12
Q

API

A

Application Programming Interface, a software intermediary that enables two or more computer programs to communicate with each other

13
Q

Which services have built-in DDoS protection/mitigation?

A

1) VPCs and Security Groups
2) Route 53
3) CloudFront
4) WAF
5) Elastic Load Balancing
