Security Automation Flashcards

1
Q

What is DevSecOps?

A

DevSecOps is certainly about security, but it is just as much about the processes you use to build applications and about helping to ensure security is built into those processes by design.

2
Q

Temporary Credentials

A

Trusted users can:

  • Assume roles on a temporary basis
  • Use temporary credentials to access your AWS resources (15 mins - 36 hours)

Not always necessary

AWS Security Token Service

3
Q

Switching roles

A

Allows practice of the least-privilege principle:

  • only permission to perform the current task
  • use elevated permissions only if the task requires them
  • permissions can be removed after task is completed
4
Q

How to switch roles?

A
  1. Create a role for cross-account access
  2. Establish trust from the account that owns the role and the resources to the account that contains the user
    3.
5
Q

MFA

A

Multi-factor authentication - requires users to enter a unique authentication code when accessing an AWS website or service.

6
Q

AWS IAM Policy Validator

A

Examines IAM policies for compliance with IAM policy grammar
runs automatically when a policy is created or updated
checks only JSON policy syntax and grammar
if policy validation fails, it will not allow you

7
Q

AWS Config

A

safety can be added using AWS Config rules

8
Q

AWS Secrets Manager

A
10
Q

AWS Systems Manager Parameter Store

A
  • store parameters as plaintext or as encrypted objects
  • reference parameters in scripts and commands
  • reference parameters
  • integrates with IAM and AWS KMS
11
Q

What are Secure String parameters?

A

Secure

12
Q

The Security Perspective of the Cloud Adoption Framework

A

Directive
Preventive
Detective
Responsive

14
Q

Security of the Pipeline

A

focus on

  • user management
  • least privilege
  • detective controls
  • infrastructure controls
15
Q

Threat detection tools

A

Amazon GuardDuty
AWS Security Hub
Amazon Inspector

16
Q

AWS Security Hub

A

Centrally manage and aggregate security alerts and compliance status across your AWS accounts, from services like Amazon GuardDuty, Amazon Inspector, Amazon Macie and partner solutions. Has a range of tools, from firewalls to compliance scanners.

17
Q

Amazon Inspector

A

automated security assessment service that improves the security and compliance of applications deployed

  • can automate with Amazon SNS, AWS Lambda, and AWS SSM:
    • agent installation
    • issue management and tracking
    • inspector runtimes
    • remediation