Security and Compliance

Question 1

What framework specified requirements for establishing implementing operating monitoring reviewing maintaining and improving a documented information security management system

Answer 1

ISO 27001:2005

Question 2

What framework is government wide program that provides a standardized approach to security assessment authorization and continuous monitoring for cloud services

Answer 2

Fed ramp

Question 3

What framework has the goal of the level to make it easier for people keep health insurance protect confidentiality and security of health information

Answer 3

HIPAA

Question 4

What framework is focused on critical infrastructure cyber security

Answer 4

NIST

Question 5

What framework is a widely accepted set of policies to optimize the scrutiny of card transactions

Answer 5

PCI

Question 6

What AWS service protects against DDOS attacks

Answer 6

AWS shield

Question 7

What technologies mitigate a DDOS attack?

Answer 7

ELB
Route53
Cloudfront
wAF
Auto scaling
Cloudwatch

Question 8

Do you need to request pen test authorization if you plan on using a pen testing product from the AWS marketplace?

Answer 8

Yes

Question 9

What tools can you use to create custom policies?

Answer 9

JSON

Visual editor

Question 10

When can you attach roles to EC2 instances?

Answer 10

Anytime

Question 11

When does a policy change take effect when made

Answer 11

Immediately

Question 12

How can you enable MFA

Answer 12

CLI

Console

Question 13

What service enables you to enforce MFA at the command line?

Answer 13

STS

Question 14

What service allow temporary access to AWS resources?

Answer 14

STS

Question 15

What are three STS sources

Answer 15

Federation AD
Federation mobile apps
Cross account access

Question 16

What are the four logging services in AWS?

Answer 16

Cloudtrail
Config
Cloudwatch logs
VPC flow logs

Question 17

What logging service tracks API calls?

Answer 17

Cloudtrail

Question 18

What log service track all configure changes?

Answer 18

AWS config

Question 19

What log service tracks network traffic?

Answer 19

VPC flow logs

Question 20

Who can access AWS hypervisors?

Answer 20

AWS administrators

Question 21

Do you need to scrub you EC2 instances before dcom?

Answer 21

No AWS will scrub post dcom and reallocation

Question 22

Can you deploy a Linux system with HVM?

Answer 22

No. Windows only.

Question 23

How is PV configured?

Answer 23

Hardware in ring 0

Guest in layer 1 and apps in layer 3

Question 24

Can AWS staff access you EC2 instance?

Answer 24

No

Question 25

You need to deploy an instance and ensure sockets, cored and host is is visible. As well as the affinity between host and instance. The instance placement must be targeted

Answer 25

Dedicated hosts

Question 26

Your software is server bound. What AWS option can fulfill this need?

Answer 26

Dedicated hosts

Question 27

Your administrator discovered a bug and you need to change a setting in thousands of instances

Answer 27

Ensure instances are tagged
Specify tag in run command
Ensure instances have a system manager role assigned

Question 28

Can you use SSM with on prem?

Answer 28

Yes, you will need to install SSM agent

Question 29

What service allows you to store information such as users, passwords, license keys to pass to a bootstrap script?

Answer 29

System manager parameter store

Question 30

T or F

System manger parameter store forces you to store values as encrypted?

Answer 30

False

You can use plain text also

Question 31

What is a S3 pre-signed URL?

Answer 31

T

Question 32

What is the command to created an S3 pre-signed URL from the CLI? Also ensure it expires in 300 seconds

Answer 32

aws s3 presign S3://bucket name/file name —expires-in 300

Question 33

What is the default length of time presigned urls exist for?

Answer 33

1 hour

Question 34

What are two key AWS S3 config rules

Answer 34

Bucket write prohibited

Bucket read prohibited

Question 35

What service does AWS inspector provide

Answer 35

Security assessment to improve security and compliance

Question 36

Your manager has asked for detailed list of security issues prioritized by severity and put into a report

Answer 36

Use AWS inspector

Question 37

Your manager has asked you to review the AWS infrastructure to identify ways to reduce cost, increase performance and improve security. What service should you use?

Answer 37

Trusted advisor

Question 38

What subscription do you need to unlock all trusted advisor recommendations?

Answer 38

Business or enterprise

Question 39

What are the 4 AWS inspector rules packages?

Answer 39

Common vuln
CIS operating system sec config bench
Sec BP
Runtime behaviour analysis

Question 40

What are the 4 things trusted advisor will check?

Answer 40

Cost optimization
Availability
performance
Security

Question 41

Sec groups are state full what does that mean?

Answer 41

If you open an inbound port the outbound port is also opened

Question 42

What port does SQL use

Answer 42

1433

Question 43

What port does http use?

Answer 43

80

Question 44

What port does ssh use

Answer 44

22

Question 45

You want to know you keeps provisioning instances in a large env when you have hundreds of developers with access?

Answer 45

Cloudtrail stores logs in S3, use Athena to grep out

Question 46

You are being audited and it has been requested you provide all the AWS compliance docs. How can you gather all these?

Answer 46

AWS artifact

Question 47

What is cloudHSM?

Answer 47

Cloud based hardware security module

Question 48

What is the difference between KMA and cloudHSM?

Answer 48

KMS is shared tenancy

CloudHSM provides isolated hardware to store and provides FIPS

Question 49

What services can be encrypted instantly

Answer 49

S3

Question 50

What services would require a migration to occur to facilitate a requirement to encrypt existing data

Answer 50

DynamoDB
RDS
EFS
EBS