Security & Compliance Flashcards
What service protects against DDoS attacks for all customers at no additional costs
AWS Shield Standard
Premium service that protects against more sophisticated attacks at a cost of $3,000 per month per org.
AWS Shield Advanced
What service is a web application firewall that helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources?
AWS WAF
What two services help mitigate DDoS attacks by utilizing the Edge?
CloudFront & Route53
What are prohibited activities when doing penetration test?
DNS
DoS or DDoS
Port Flooding
Protocol Flooding
Request Flooding
True or False: You can do any type of penetration testing on your applications within AWS?
False
At what two points does encryption need to take place for data?
At Rest & In Transit
Which service lets you create, manage, and control cryptographic keys across your applications and AWS services?
AWS KMS
What service does AWS provision encryption hardware where users manage encryption keys?
CloudHSM
What service provisions, manages, and deploys SSL/TLS Certificates?
AWS Certificate Manager
Helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
AWS Secrets Manager
Provides on-demand access to security and compliance reports from AWS and ISVs who sell their products on AWS Marketplace.
AWS Artifact
Threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Uses ML and 3rd, party data.
AWS GuardDuty
What service can protect against CryptoCurrency attacks?
AWS GuardDuty
Automated vulnerability/security management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
AWS Inspector
What service continually assesses, audits, and evaluates the configurations and relationships of your resources on AWS, on premises, and on other clouds to check for compliance issues?
AWS Config
Data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data, like PII (personally identifiable information).
AWS Macie
What central security tool manages security across several AWS Accounts and is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation?
Security Hub
What service analyzes, investigates, let’s the user visualize, and quickly identifies the root cause of security issues or suspicious activities?
Amazon Detective
What should you do if you encounter AWS services being used for abusive or illegal purposes?
Report it to the AWS Abuse Team
What actions can only be performed by the Root User account?
Change account settings
Close your AWS account
Change or cancel AWS Support Plans
Register as a seller on the Reserved Instance Marketplace
