Security & Compliance Flashcards
What are the responsibilities of AWS?
- Security of the Cloud
- Managed Services (Lambda, S3, etc.)
Page 332
What are the responsibilities of the Customer?
- The data in AWS
- Manage all the services that are not managed by AWS, like services on EC2 instances.
- Securing data, encrypting data
Page 332
What are the shared responsibilities of AWS and the Customer?
- Patch Management
- Configuration Management
- Awareness
- Training
Page 332
What is a DDoS Attack?
Distributed Denial of Service.
Happens when the service receives a high level of work from several sources (bots) with the intention of exhausting the resources of the platform.
Page 336
Does AWS Shield Standard work against DDoS?
Yes, it works for apps and websites.
Page 337
What is the difference between AWS Shield and AWS Shield Advanced?
- AWS Shield Advanced provides 24/4 premium protection.
- In AWS Shield Standard, you will have a fee on high loads.
Page 337
Does AWS WAF work against DDoS attacks?
Yes, AWS Web Application Firewall works by filtering requests based on rules.
Page 337
How can Route 53 be used against DDoS attacks?
- Distributing all the load across several servers, avoiding concentrating all the traffic on one server.
- It is implemented at the edge, providing a high level of security along with AWS Shield.
Page 337
Is Auto Scaling a good technique against DDoS attacks?
Yes, you can increase your capacity according to the load, but you must specify a limit.
Page 337
Talking about the OSI model, which layers does AWS Shield work on?
On Layer 3 (TCP) and Layer 4 (Internet)
Page 339
Talking about the OSI model, which layer does AWS WAF work on?
Layer 7 (Application/HTTP Layer). The HTTP protocol is considered an application protocol.
Page 340
On which of these services is AWS WAF deployed?
a. EC2
b. Application Load Balancer
c. ECS
d. Route53
e. API Gateway
f. NACL
g. CloudFront
h. AWS AppSync
i. Amazon Cognito resources.
B. Application Load Balancer (Works with HTTP requests)
E. API Gateway (Works with HTTP requests)
G, H, I. These are services managed as a web service.
Page 340
What is a Web ACL?
Web Access Control List
It's a set of configurations of AWS WAF where you can filter in more detail:
+ By IP
+ By country of origin
+ String match or regular expression (regex) match in a part of the request
+ Size of a particular part of the request
+ Detection of malicious SQL code or scripting
+ Frequency, against DDoS.
Basically, it analyzes most of the HTTP request to see if it meets some of these filter characteristics.
Page 340
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.h
What is Penetration Testing on AWS?
It's a simulated cyber attack against your computer system to check for exploitable vulnerabilities.
Stages:
1. Planning and reconnaissance. Define the goal of the attack.
2. Scanning. Assess how the system responds to attacks.
3. Gain Access. Evaluate if it's possible to access the system.
4. Maintaining Access. Evaluate how long the intrusion can keep access.
5. Analysis and WAF Configuration. With the outcomes, set the proper configurations on WAF.
Page 341
https://www.imperva.com/learn/application-security/penetration-testing/
What are Data at Rest and Data in Transit?
Data at Rest: Any data that is kept/stored/archived.
Data in Transit: Any data that is traveling along communication paths, like public or private networks.
Page 343
What are Encryption Keys?
They're keys to encrypt and decrypt data in motion or at rest.