Security & Compliance

Question 1

In a shared responsibility Model AWS is responsible for

Answer 1

protecting and securing their infrastructure

Question 2

In a shared responsibility Model you are responsible for how the services are implemented and

Answer 2

managing your application’s data

Question 3

What are AWS responsibilities regarding EC2 instances (2)

Answer 3

• Patching the host operating system
• Security of the physical server

Question 4

What are AWS responsibilities regarding Lamda (2)

Answer 4

• Operating system
• Software dependencies

Question 5

With Lambda the Customer is responsible for (2)

Answer 5

• Storage of sensitive data
• IAM for permissions

Question 6

With EC2 the Customer is responsible for (3)

Answer 6

• Patching the guest operating system
• Security controls
• Installed applications

Question 7

The 5 pillars of the Well-Architected Framework describe design principles and best practices for running workloads in the cloud. They are;

C.O.R.P.S.

Answer 7

• Cost OptimIzation
• Operational Excellence
• Reliability
• Performance Efficiency
• Security

Question 8

Operational Excellence involves Creating applications that support production workloads 3 key takeaways are:

• Script
• Plan
• Deploy

Answer 8

• Script Operations as Code
• Plan for failure
• Deploy Smaller reversible changes

Question 9

Performance Efficiency involves the effective use of computing resources to meet

Answer 9

system and business needs while removing bottlenecks

Question 10

Security focuses on putting mechanisms in place that protect your systems and data you can do this by (3)

• Track
• Encrypt

Answer 10

• Encrypt Data in transit and at rest
• Track who did what and when
• Automate Security Tasks

Question 11

Reliability Design systems that work consistently and recover quickly (3)

• Scale
• Reduce
• Test

Answer 11

• Scale horizontally for resilience
• Reduce Idle resources
• Test Recovery Procedures

Question 12

Cost OptimIzation has three main takeaways (3)

• Use consumption-based
• Implement cloud
• Measure

Answer 12

pricing
financial management
overall efficiency

Question 13

Use Cases for Operational Excellence: You can use AWS CodeCommit for version control to enable

Answer 13

tracking of code changes

Question 14

Use Cases for Performance Efficiency: You can use AWS Lambda to

Answer 14

run code with zero administration.

Question 15

Use Cases for Security: You can use CloudTrail to configure central logging of

Answer 15

all actions performed in your account

Question 16

Use Cases for Reliability: You can use Multi-AZ deployments for enhanced availability and reliability of

Answer 16

RDS databases.

Question 17

Use Cases for Cost OptimIzation: You can use S3 Intelligent-Tiering to automatically move your data

Answer 17

between access tiers based on your usage patterns.

Question 18

In AWS Users are entities you create in IAM to represent

Answer 18

the person or application needing access to your AWS resources.

Question 19

A group is a collection of IAM users that helps you apply common

Answer 19

access controls to all group members.

Question 20

In AWS Roles can be assumed by

Answer 20

any user or service that needs them.

Question 21

AWS Policies help you manage permissions for IAM users, groups, and roles by creating a policy document in

Answer 21

JSON format and attaching it.

Question 22

Real-world use cases for IAM: Using Roles help you avoid sharing long-term credentials

Answer 22

like access keys

Question 23

IAM credential report: Lists all users and status of passwords, access keys, and MFA device. This is best used for

Answer 23

auditing and compliance

Question 24

Do not confuse security groups for EC2 with IAM groups. EC2 security groups

Answer 24

act as firewalls, while IAM groups are collections of users.

Question 25

What can only the root user do? (3)

Answer 25

• Modify your support plan
• Modify email address
• Close your account

Question 26

What changes can AWS Config help you identify within EC2?

Answer 26

Network

Software

OS/system-level updates, and more.

Question 27

GuardDuty identifies malicious or unauthorized activities in your AWS account using

Answer 27

machine learning

Question 28

GuardDuty identifies threats by continuously monitoring _________ activity and ________ within your AWS environment.

Answer 28

network, account behavior

Question 29

Inspector has built-in rules to access your EC2 instances to find

Answer 29

vulnerabilities and report by the level of severity.

Question 30

Artifact is a central repository for

Answer 30

compliance reports from third-party auditors who have audited AWS

Question 31

Artifact Use Case? (2)

Answer 31

• Service Organization Controls (SOC) reports
• Payment Card Industry (PCI) reports

Question 32

Cognito controls access to mobile and web applications by assisting with user ______________ & ____________

Answer 32

Sign-up and sign-in

Provides authentication and authorization

Question 33

Cognito- Use Case: allows your users to sign in to your application through

Answer 33

social media accounts like Facebook and Google

Question 34

Key Management Service (3)

Answer 34

• Generate, Store, and Control Keys

Question 35

• Enable MFA for privileged users.
• Implement strong password policies.

Are examples of which Service best practices?

Answer 35

IAM best practices

Question 36

Cloud HSM allows you to meet corporate, and regulatory compliance requirements for data security by using

Answer 36

dedicated hardware for security in the cloud.

Question 37

CloudHSM is a Hardware Security Module (HSM) used to

Answer 37

Generate and manage your own encryption keys

Question 38

When using CloudHSM AWS does not have access

Answer 38

to your encryption keys

Question 39

Secrets Manager Allows you to manage and retrieve

Answer 39

secrets (passwords or keys).

Question 40

Secrets Manager integrates with which three services?

Answer 40

RDS
Redshift
DocumentDB

Question 41

Amazon Inspector helps to improve the security and compliance of applications by

Answer 41

running automated security assessments.

Question 42

Amazon Inspector is a service that checks applications for

Answer 42

security vulnerabilities and deviations from security best practices.

Question 43

From within AWS Artifact you can review,

Answer 43

accept, and manage agreements with AWS.

Question 44

With AWS Roles you can assume a role to perform a task in a single session and access is assigned

Answer 44

using policies.

Question 45

• Create individual users instead of using root.
• Use roles for Amazon EC2 instances.

Answer 45

IAM Best Practices

Question 46

Using Roles helps you protect your instances from

Answer 46

unauthorized access.

Question 47

GuardDuty works by looking for threats on your account that are associated with

Answer 47

common techniques used by attackers.