Security and Compliance

Question 1

What service would you use if you want access to 24/7 DDoS response team?

Answer 1

AWS Shield Advanced (Standard is free)

Question 2

What is AWS Inspector?

Answer 2

Runs checks against your instances to check for vulnerabilities

Question 3

How would you analyze ELB access logs?

Answer 3

Use Athena in conjunction with S3 and ELB logs

Question 4

What is GuardDuty?

Answer 4

It is Intelligent Threat Discovery using machine learning algorithms

Question 5

How do you enable emails for Trusted Advisor?

Answer 5

Via the UI

Question 6

What is Cloud HSM?

Answer 6

Cloud Hardware Security Model

Question 7

What would you use if you need FIPS 140-2 level 3 compliance?

Answer 7

CloudHSM

Question 8

How do we know if our users are using MFA?

Answer 8

Download the Credentials Report

Question 9

How can we make sure a user can assign a role to an AWS resource?

Answer 9

Assign the IAM:PassRole to the user

Question 10

What is STS?

Answer 10

It grants limited and temporary access to AWS resources

Question 11

What is Identity Federation?

Answer 11

Federation lets users outside of AWS assume a temporary role to access AWS resources

Question 12

How can I find compliance documentation on AWS?

Answer 12

Use AWS Artifact