Security and Compliance Flashcards
What is a NAT Gateway?
A NAT Gateway allows instances in your private subnets to access the Internet while remaining private; it is managed by AWS.
You would like to connect hundreds of VPCs and your on-premises data centers together. Which AWS service allows you to link all of these together efficiently?
A Transit Gateway.
It connects thousands of VPCs and on-premises networks together through a single gateway.
What is Amazon Macie?
A security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS, such as personally identifiable information (PII) or intellectual property.
What is Amazon Detective?
A tool that lets you quickly find the root cause of potential security issues so you can act on them faster.
What is AWS WAF?
Web Application Firewall:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Where can you find on-demand access to AWS compliance documentation and AWS agreements?
AWS Artifact.
You want to centrally automate security checks across several AWS accounts. Which AWS service can you use?
AWS Security Hub.
What is AWS KMS?
Key Management Service. Manage the cryptographic keys in use for your encryption.
Which AWS service’s ONLY role is to safeguard running applications from DDoS attacks?
AWS Shield.
What is AWS CloudHSM?
AWS CloudHSM is a cloud-based Hardware Security Module (HSM) that enables you to easily generate and use your encryption keys on the AWS Cloud. With CloudHSM, you can manage your encryption keys using FIPS 140-2 Level 3 validated HSMs. It is a fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups.
What is Amazon GuardDuty?
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
What is AWS Firewall Manager?
AWS Firewall Manager is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
What is an AWS Service Control Policy (SCP)?
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
They define the maximum permissions for users in an account, further restricting individuals and roles (even if an IAM policy allows access to something). They cannot be used on their own to grant permissions; they only restrict them.
What is AWS Control Tower?
AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment based on best practices established through AWS’ experience working with thousands of enterprises as they move to the cloud.