Security and Compliance Flashcards
Resource Groups
You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.
IAM Identities
Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.
A new application needs temporary credentials to access resources in AWS. How can this best be achieved?
Create an IAM role and have the application assume the role.
Network ACL
A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
IAM Principal
A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.
Security Group
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
AWS Inspector
Amazon Inspector creates a finding when it discovers a software vulnerability or network configuration issue. A finding describes the vulnerability, identifies the affected resource, rates the severity of the vulnerability, and provides remediation guidance.