Security & Compliance Flashcards
What AWS service allows you to control access to your AWS services and resources?
Identity and Access Management (IAM)
What AWS service helps protect your web applications against common web attacks?
Web Applications Firewall (WAF)
What AWS product provides a managed Distributed Denial of Service (DDoS) protection service?
Sheild
What AWS product helps you discover and protect sensitive data?
Macie
What AWS product allows you to assess, audit, and evaluate the configurations of your resources?
Config
What AWS service provides an intelligent threat detection system that uncovers unauthorized behavior?
GuardDuty
What AWS service works with EC2 instances to uncover and report vulnerabilities?
Inspector
What AWS service offers on-demand access to AWS security and compliance reports?
Artifact
What AWS product helps you control user/customer access to mobile and web applications?
Cognito
What AWS service allows you to generate and store encryption keys?
Key Management Service (KMS)
What AWS product provides a hardware security module used to generate encryption keys?
CloudHSM
What AWS service allows you to manage and retrieve secrets (passwords or keys)?
Secrets Manager
What outlines your responsibilities vs AWS when it comes to security and compliance?
Shared Responsibility Model
What describes design principles and best practices for running workloads in the cloud?
Well-Architected Framework
What are the 6 Pillars of the Well-Architected Framework?
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
What type of AWS Security object defines permissions that can be attached to a user or group?
Policy
What type of security object is an identity you can create, has specific permissions with credentials that are valid for short durations, can be temporarily assumed by entities that you trust, and is not associated with a specific user or group?
Roles
What type of security object defines an identity with long-term credentials that is used to interact with AWS in an account?
IAM User
What type of security object is used to specify permissions for a collections of users?
User Group
What type of security object is used to secure S3 buckets?
Bucket Access Policy
What type of security object is used to protect an EC2 instance?
Security Group