Security and Compliance Flashcards
Describe in a few words the Shared Responsibility Model in AWS
AWS is in charge of the Cloud and customers are responsible for what is done in the cloud.
According to the Shared Responsibility Model, who is responsible for firewall and network configuration for EC2 Instances?
a) AWS
b) The customer
c) AWS and the customer
b) The customer
The customer is responsible for firewall and network configuration. Customers are responsible for “Security IN the Cloud”, which also includes server-side encryption, client-side data protection, customer data protection, etc.
A company would like to protect its web applications from common web exploits that may affect availability, compromise security, or consume excessive resources. Which AWS service should they use?
a) Auto Scaling Groups (ASG)
b) Shield
c) CloudHSM
d) Web Application Firewall (WAF)
d) Web Application Firewall (WAF)
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Where can you find on-demand access to AWS compliance documentation and AWS agreements?
a) Artifact
b) Personal Health Dashboard
c) Secrets Manager
d) Shared Responsibility Model
a) Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you.
You can perform any kind of penetration testing on any AWS service without prior approval.
True or False
False
Penetration Testing is allowed without prior approval on 8 services. DDoS, port flooding and protocol flooding are examples of prohibited activities.
According to the Shared Responsibility Model, who is responsible for Patch Management?
a) AWS
b) The customer
c) AWS and the customer
c) AWS and the customer
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Shared Controls also include Configuration Management, and Awareness and Training.
Which of the following services is managed by AWS and is used to manage encryption keys?
a) CloudHSM
b) KMS
c) AWS Secrets Manager
d) IAM
b) KMS
AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. It is managed by AWS.
According to the Shared Responsibility Model, who is responsible for protecting hardware?
a) AWS
b) The customer
c) AWS and the customer
a) AWS
AWS is responsible for protecting hardware. AWS is responsible for “Security OF the Cloud”, which also covers the infrastructure that runs all services in the AWS Cloud.
You want to record configurations and changes over time. Which service allows you to do this?
a) Config
b) Inspector
c) GuardDuty
d) Secrets Manager
a) Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Which service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?
a) KMS
b) WAF
c) Inspector
d) GuardDuty
d) GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
What is AWS Shield and how many tiers of this service are available?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
There are two tiers of AWS Shield: Standard and Advanced.
What is AWS Secrets Manager?
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
What is Amazon Inspector?
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
It applies only to EC2 (an agent must be installed). After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector console or API.
What is Amazon Macie?
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.