Security and Compliance Flashcards

1
Q

AWS Security in the Cloud

A
  • Global network of data centers built with security in mind
  • Safeguards to protect customer privacy
  • Dozens of compliance programs to help meet industry compliance requirements
  • High security standards without need for your own data centers
  • Scale your business quickly
2
Q

Security and Compliance Domain

A
  • AWS shared responsibility model
  • AWS Cloud security, governance, and compliance concepts
  • AWS access management capabilities
  • Identify components and resources for security
3
Q

Shared Responsibility Model

A
  • Security of cloud infrastructure and data is shared between AWS and the customer
  • AWS: security of the cloud (data centers, hardware, hypervisor, managed-service software, networking)
  • Customer: security in the cloud (customer data, encryption, identity and access management, guest OS patching, application code, security groups and firewalls)
4
Q

Cloud Security Well-Architected Framework

A
  • Implement a strong identity foundation: principle of least privilege, centralized identity management
  • Enable traceability: log, monitor, and alert on actions and changes
  • Apply security at all layers (edge, VPC, subnet, instance, OS, application) and automate security best practices so controls scale without manual effort
  • Protect data at rest and in transit: classification, encryption, access control
  • Keep people away from data: eliminate direct access and manual processing of data
  • Prepare for security events: have tooling and runbooks ready to investigate and respond to incidents
5
Q

AWS Cloud Security Services

A
  • Amazon Inspector
  • AWS Shield
  • Amazon GuardDuty
6
Q

AWS Compliance Programs

A
  • Compliance certifications
  • Security standards
7
Q

Self-Service Audit Artifact Retrieval Service

A
  • AWS Artifact
8
Q

Governance

A
  • The process of creating and enforcing decisions within an organization
9
Q

Principle of Least Privilege

A
  • Only provide the least amount of access needed for an entity to do its job, and no more
  • Use IAM to provide access to resources to both users and other AWS services
10
Q

Identities in AWS (WHO)

A
  • Human identity
  • Workload: a collection of resources and code that provides business value
  • Federated identity: single sign-on (SSO), AWS IAM Identity Center
11
Q

Controlling Access to AWS

A
  • Roles: identities with no long-term credentials; assumed by users, services, or external principals to obtain temporary credentials
  • Policies: JSON documents that define what an identity or resource is allowed (or denied) to do
  • Permissions: each request is allowed or denied; an explicit Deny always wins, otherwise an Allow is required, otherwise the request is implicitly denied
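The allow/deny evaluation order above is easy to get wrong in practice, so here is an added example (not AWS code and not part of the original card set) that evaluates IAM-style policy documents the way the card describes: explicit Deny wins, an Allow is otherwise required, and anything else is an implicit deny. The sample policies, bucket name and ARNs are constructed for illustration; `overly_broad_statements` is a hypothetical helper that flags the `"Action": "*"` / `"Resource": "*"` pattern that violates least privilege.

```python
"""IAM-style policy evaluator (added example, not AWS code).

Evaluation order for identity-based policies, as documented by AWS:
  1. any matching statement with Effect: Deny  -> ExplicitDeny (stop)
  2. any matching statement with Effect: Allow -> Allow
  3. nothing matched                            -> ImplicitDeny
Action names are matched case-insensitively; '*' is a wildcard in both
Action and Resource. Sample policies below are constructed.
"""
from fnmatch import fnmatchcase
from typing import Dict, List

Policy = Dict[str, object]

# Constructed: the "admin for convenience" anti-pattern.
BROAD_POLICY: Policy = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: read-only access to one bucket, nothing else.
LEAST_PRIVILEGE_POLICY: Policy = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"],
    }],
}

# Constructed guardrail, e.g. attached alongside a broad policy.
DENY_DELETE_BUCKET: Policy = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}],
}


def _as_list(value) -> List[str]:
    return [value] if isinstance(value, str) else list(value)


def _statement_matches(stmt: dict, action: str, resource: str) -> bool:
    # Action matching is case-insensitive in IAM; resource ARNs are case-sensitive.
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    resources = _as_list(stmt.get("Resource", []))
    return (any(fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def evaluate(policies: List[Policy], action: str, resource: str) -> str:
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one API call."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # deny always wins; no need to look further
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def overly_broad_statements(policy: Policy) -> List[int]:
    """Hypothetical least-privilege lint: indices of Allow statements granting
    every action on every resource."""
    hits = []
    for i, stmt in enumerate(policy["Statement"]):
        if (stmt["Effect"] == "Allow"
                and "*" in _as_list(stmt.get("Action", []))
                and "*" in _as_list(stmt.get("Resource", []))):
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(evaluate([LEAST_PRIVILEGE_POLICY], "s3:GetObject", "arn:aws:s3:::app-logs/2024/a.log"))
    print(evaluate([LEAST_PRIVILEGE_POLICY], "s3:PutObject", "arn:aws:s3:::app-logs/2024/a.log"))
    print(evaluate([BROAD_POLICY, DENY_DELETE_BUCKET], "s3:DeleteBucket", "arn:aws:s3:::app-logs"))
    print(overly_broad_statements(BROAD_POLICY))
```

The guardrail case is the one worth remembering: attaching `DENY_DELETE_BUCKET` next to the broad policy blocks the delete even though the broad policy allows everything, because an explicit Deny is evaluated before any Allow.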
12
Q

Traffic Control

A
  • Security groups: control the traffic allowed to reach and leave individual resources (e.g. EC2 instances, ENIs)
  • Network access control lists (NACLs): allow or deny specific inbound and outbound traffic at the subnet level
13
Q

Security Groups

A
  • Protect at the instance (network interface) level
  • Stateful: return traffic for an allowed connection is automatically allowed, regardless of rules in the opposite direction (“remembers”)
  • Allow rules only; there is no explicit deny, anything not allowed is dropped
  • A new security group blocks all inbound traffic and allows all outbound traffic by default
14
Q

NACLs

A
  • Protect at the subnet level
  • Stateless: inbound and outbound traffic are evaluated separately; return traffic needs its own rule, typically on the ephemeral port range (“forgets”)
  • Rules can explicitly allow or deny; evaluated in rule-number order, first match wins
  • The VPC's default NACL allows all inbound and outbound traffic; a custom NACL denies everything until rules are added
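The stateful/stateless distinction on these two cards is the one that bites in practice: a NACL that allows HTTPS in but has no outbound rule for the reply drops the connection. The following is an added example (not AWS code and not part of the original deck) that models both filters and runs one constructed HTTPS exchange through each; the IP addresses, port numbers and rule sets are made up for illustration.

```python
"""Stateful security group vs stateless NACL (added example, not AWS code).

A single HTTPS request from a client to an instance, followed by the reply,
is passed through each filter. The security group allows the reply via
connection tracking; the NACL only allows it if an outbound rule covers the
client's ephemeral port. All addresses and rules below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Rule:
    protocol: str       # "tcp", "udp" or "-1" for all
    port_from: int
    port_to: int
    cidr: str
    action: str = "allow"   # NACLs may also "deny"; security groups are allow-only
    number: int = 0         # NACL rule number, evaluated lowest first


def _rule_matches(rule: Rule, proto: str, port: int, remote_ip: str) -> bool:
    return ((rule.protocol == "-1" or rule.protocol == proto)
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.cidr))


class SecurityGroup:
    """Stateful, allow-only filter attached to an instance."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()   # 5-tuples of connections already permitted

    def permits(self, direction, proto, src_ip, src_port, dst_ip, dst_port) -> bool:
        # Reply to a tracked connection: allowed regardless of the rules.
        if (proto, dst_ip, dst_port, src_ip, src_port) in self._tracked:
            return True
        rules = self.inbound if direction == "in" else self.outbound
        remote_ip = src_ip if direction == "in" else dst_ip
        if any(_rule_matches(r, proto, dst_port, remote_ip) for r in rules):
            self._tracked.add((proto, src_ip, src_port, dst_ip, dst_port))
            return True
        return False   # no explicit deny exists; unmatched traffic is simply dropped


class NetworkAcl:
    """Stateless subnet filter: each direction judged on its own, first match wins."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.inbound, self.outbound = inbound, outbound

    def permits(self, direction, proto, src_ip, src_port, dst_ip, dst_port) -> bool:
        rules = self.inbound if direction == "in" else self.outbound
        remote_ip = src_ip if direction == "in" else dst_ip
        for rule in sorted(rules, key=lambda r: r.number):
            if _rule_matches(rule, proto, dst_port, remote_ip):
                return rule.action == "allow"
        return False   # the implicit final '*' rule denies everything else


def simulate_https(fw) -> Tuple[bool, bool]:
    """Constructed flow: client 203.0.113.10:50000 -> instance 10.0.1.5:443, then the reply."""
    request_ok = fw.permits("in", "tcp", "203.0.113.10", 50000, "10.0.1.5", 443)
    reply_ok = fw.permits("out", "tcp", "10.0.1.5", 443, "203.0.113.10", 50000)
    return request_ok, reply_ok


ALLOW_HTTPS_IN = Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100)
ALLOW_EPHEMERAL_OUT = Rule("tcp", 1024, 65535, "0.0.0.0/0", "allow", 100)
DENY_ONE_CLIENT_NET = Rule("tcp", 443, 443, "203.0.113.0/24", "deny", 50)

if __name__ == "__main__":
    # Outbound rule list left empty on purpose: the reply still passes.
    print("security group:", simulate_https(SecurityGroup([ALLOW_HTTPS_IN], [])))
    print("nacl, no outbound rule:", simulate_https(NetworkAcl([ALLOW_HTTPS_IN], [])))
    print("nacl, ephemeral out:", simulate_https(NetworkAcl([ALLOW_HTTPS_IN], [ALLOW_EPHEMERAL_OUT])))
    print("nacl, explicit deny first:",
          simulate_https(NetworkAcl([DENY_ONE_CLIENT_NET, ALLOW_HTTPS_IN], [ALLOW_EPHEMERAL_OUT])))
```

The last case shows the NACL property the card calls “explicit deny”: rule 50 denies the client's network before rule 100 allows everyone, so the request never reaches the instance even though a broader allow exists.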
15
Q

Identity Access Management (IAM)

A
  • Manage access to services and resources in the AWS Cloud
  • Manage users and groups
  • Can provide access to users or other AWS services
  • IAM is a global service: users, roles, and policies apply across all regions unless a policy condition restricts them
  • Follow the principle of least privilege
16
Q

IAM: Manage Users

A
  • Create users in IAM and assign them security credentials
  • Users can have very precise permission sets
  • Users can access AWS through AWS Management Console
  • Programmatic access to data and resources
17
Q

IAM: Manage IAM Roles

A
  • Create roles that carry a set of permissions; a role has no long-term credentials of its own
  • An entity (user, application, or AWS service) assumes a role to obtain temporary security credentials for API calls to your resources
  • Used to grant a user from another AWS account, or an AWS service such as EC2 or Lambda, access to your account without sharing access keys
18
Q

IAM: Manage Federated Users

A
  • Enable identity federation: existing identities in your enterprise directory access AWS without creating an IAM user for each of them
  • Works with any identity provider that supports SAML 2.0 or OpenID Connect, or with one of the AWS federation samples
19
Q

Benefits of IAM

A
  • Enhanced security
  • Granular control
  • Ability to provide temporary credentials
  • Flexible security credential management
  • Federated access
  • Seamless integration across AWS services
20
Q

Security Credentials

A
  • Password policy: length and complexity requirements and password rotation
  • Access keys for programmatic calls to AWS; prefer temporary credentials obtained by assuming a role over long-lived keys
21
Q

Multi-factor Authentication (MFA)

A
  • Two-factor authentication (2FA) is the common case
  • The user presents at least two independent pieces of evidence (e.g. password plus a one-time code or hardware key) to prove they should have access to the account
22
Q

AWS Secrets Manager

A
  • Stores, rotates, and controls access to your “secrets”
  • Secrets: passwords, database credentials, API tokens, access keys
  • Integrates with key AWS services (e.g. RDS for automatic credential rotation)
23
Q

AWS Systems Manager

A
  • Central operations hub for managing AWS resources in multi-cloud and hybrid environments
  • Visualize and operate on multiple AWS services from one place
  • Create logical groups of resources and select a resource group to view metrics and take action
  • Helps IT admins keep infrastructure running smoothly and alerts them when resources do not meet internal compliance policies
24
Q

AWS Web Application Firewall (WAF)

A
  • Protects web apps running on the AWS Cloud from common web exploits, such as SQL injection and cross-site scripting, that could compromise security, availability, or consume excessive resources
25
Q

Distributed Denial-of-Service (DDOS) Attack

A
  • An attempt to make a machine or network unavailable
  • Most often by making excessive repeated requests to the website using thousands of unique IP addresses
26
Q

AWS Shield: Standard

A
  • Free and automatically enabled for all AWS customers
  • Protects against the most common network- and transport-layer (layer 3 and 4) DDoS attacks
  • Comprehensive availability protection against all known infrastructure attacks when used with CloudFront and Route 53
27
Q

AWS Shield: Advanced

A
  • Integrates with AWS WAF for application-layer (layer 7) protection
  • Provides additional detection and mitigation, network- and transport-layer protections, and automated traffic monitoring
  • Financial protection (cost protection) against DDoS-related usage spikes on EC2, Elastic Load Balancing, CloudFront, and Route 53
  • Available on all CloudFront and Route 53 edge locations
28
Q

Amazon Inspector

A
  • Automated security assessment and vulnerability management service for workloads
  • Assesses for network exposure, software vulnerabilities, and deviations from best practices
  • Generates detailed vulnerability findings, plus reports showing which tests were run
  • Use AWS-provided rules packages or define your own standards and best practices
29
Q

AWS Trusted Advisor

A
  • Guides provisioning of resources to follow AWS best practices
  • Scans infrastructure and provides action recommendations to meet best practices
  • Based on cost optimization, performance, security, fault tolerance, and service limits
30
Q

Seven Core AWS Trusted Advisor Checks

A
  • S3 bucket permissions
  • Security groups
  • IAM use
  • MFA on root account
  • Elastic Block Store (EBS) public snapshots
  • Relational Database Service (RDS) public snapshots
  • Service limits
31
Q

Full AWS Trusted Advisor Checks

A
  • Weekly update notifications
  • Automated actions in response to alerts using CloudWatch
  • Programmatic access to scan results via AWS support API
32
Q

Amazon GuardDuty

A
  • Continuous (24/7) threat detection service for your AWS accounts and workloads
  • Monitors CloudTrail events, VPC Flow Logs, and DNS logs for malicious activity and unauthorized behavior
  • Produces actionable findings that can trigger alerts and automated responses through Amazon EventBridge (formerly CloudWatch Events)
  • Uses machine learning, anomaly detection, and integrated threat intelligence to identify potential threats
33
Q

AWS Artifact

A
  • On-demand self-service portal to download AWS security and compliance documents and independent software vendor (ISV) compliance reports
  • Review, accept, and track status of AWS agreements specific to your organization’s industry
34
Q

Amazon CloudWatch

A
  • Collects metrics and logs to monitor resources and application performance
  • Set alarms and automated actions that fire at predetermined thresholds to mitigate potential issues
35
Q

AWS CloudTrail

A
  • Records every API action taken by a user, role, or AWS service in your account as an audit trail (who did what, when, and from where)
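CloudTrail is only useful if something reads the trail. The following is an added example, not AWS code and not part of the original deck, that runs three classic detection rules over constructed CloudTrail records: any activity by the root user (the same concern as the Trusted Advisor “MFA on root account” check), a successful console sign-in without MFA, and tampering with the trail itself. The field names (`userIdentity.type`, `eventName`, `eventSource`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are real CloudTrail fields; the event IDs, user names, timestamps, and the account ID are made up.

```python
"""Detection rules over CloudTrail records (added example, not AWS code).

Each CloudTrail log file is a JSON object with a "Records" list. Every
record carries a userIdentity block, eventName and eventSource; console
sign-ins additionally report whether MFA was used. The records below are
constructed to exercise the rules and contain no real account data.
"""
import json
from typing import Callable, Dict, List, Tuple

SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventID": "e1", "eventTime": "2024-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventID": "e2", "eventTime": "2024-05-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventID": "e3", "eventTime": "2024-05-01T08:10:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventID": "e4", "eventTime": "2024-05-01T08:15:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "mallory"}},
    {"eventID": "e5", "eventTime": "2024-05-01T08:20:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "responseElements": {"ConsoleLogin": "Failure"}, "additionalEventData": {"MFAUsed": "No"}},
]})

# API calls that weaken or disable the audit trail.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def principal(rec: dict) -> str:
    ident = rec.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def rule_root_usage(rec: dict) -> bool:
    """Any action by the root user is worth a finding; root should be unused day to day."""
    return rec.get("userIdentity", {}).get("type") == "Root"


def rule_console_login_without_mfa(rec: dict) -> bool:
    """Successful console sign-in where MFA was not presented (failed sign-ins are noise here)."""
    return (rec.get("eventName") == "ConsoleLogin"
            and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes")


def rule_trail_tampering(rec: dict) -> bool:
    return (rec.get("eventSource") == "cloudtrail.amazonaws.com"
            and rec.get("eventName") in TRAIL_TAMPERING)


RULES: Dict[str, Callable[[dict], bool]] = {
    "root-account-usage": rule_root_usage,
    "console-login-without-mfa": rule_console_login_without_mfa,
    "cloudtrail-tampering": rule_trail_tampering,
}


def detect(trail_json: str) -> List[Tuple[str, str, str]]:
    """Return (rule name, eventID, principal) for every record that trips a rule."""
    records = json.loads(trail_json)["Records"]
    return [(name, rec["eventID"], principal(rec))
            for rec in records
            for name, rule in RULES.items()
            if rule(rec)]


if __name__ == "__main__":
    for finding in detect(SAMPLE_TRAIL):
        print(*finding)
```

Record `e5` is deliberately a failed login without MFA: it is not flagged, because a rule that fires on every failed attempt would drown the analyst in noise, while a successful non-MFA sign-in is always actionable.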
36
Q

AWS Audit Manager

A
  • Automates evidence collection to generate audit-ready reports to prove system compliance for audits
37
Q

AWS Config

A
  • Provides detailed views of AWS resource configurations in your account, records configuration changes over time, and evaluates resources against rules to flag non-compliant settings