Security & Compliance Flashcards

1
Q

DDoS Protection on AWS

A
  • Shield Standard (free)
  • Shield Advanced (paid)
  • WAF
  • CloudFront & Route 53
  • Auto Scaling
2
Q

AWS Shield

A
  • Shield Standard
    Free for every user
  • Shield Advanced
    Optional DDoS mitigation service (3k/month)
    Protects against more sophisticated attacks
    24/7 access to the DDoS Response Team (DRT)
    Protects against higher fees during usage spikes caused by DDoS
3
Q

AWS WAF (Web Application Firewall)

A
  • Protects web apps from common web exploits
  • Layer 7 (HTTP)
  • Deploy on Application Load Balancer, API Gateway, CloudFront
  • Define Web ACL (Web Access Control List)
4
Q

Network Firewall

A
  • Protects your entire VPC
  • Layer 3 to Layer 7
  • Inspects traffic in any direction
5
Q

Firewall Manager

A
  • Manage security rules in all accounts of an AWS org
  • Rules are applied to new resources as they are created (compliance) across all and future accounts in your organization
6
Q

Penetration Testing Approved

A
  • EC2 instances
  • NAT Gateways
  • Elastic Load Balancer
  • RDS
  • CloudFront
  • Aurora
  • API Gateways
  • AWS Lambda and Lambda@Edge
  • Amazon Lightsail
  • Amazon Elastic Beanstalk
7
Q

Penetration Testing Prohibited

A
  • DNS zone walking via Route 53
  • DoS, DDoS, simulated DDoS
  • Port flooding
  • Protocol flooding
  • Request flooding
8
Q

KMS (Key Management Service)

A
  • Any time you hear "encryption" for an AWS service, it is most likely KMS
  • AWS manages the encryption keys
9
Q

CloudHSM (Hardware Security Module)

A
  • AWS provisions the encryption hardware
  • You manage the keys
  • Dedicated Hardware (HSM, Hardware Security Module)
  • Device is tamper-resistant, FIPS 140-2 Level 3 compliance
10
Q

KMS Key types

A
  • Customer Managed
  • AWS Managed
  • AWS Owned
  • CloudHSM Keys (custom key store)
11
Q

Certificate Manager (ACM)

A
  • Easily provision, manage, and deploy SSL/TLS Certificates
  • Provide in-flight encryption for websites (HTTPS)
  • Public and private TLS certs
  • Public TLS certs are free
  • Automatic renewal
12
Q

Secrets Manager

A
  • New service for storing secrets
  • Can force rotation of secrets every x days
  • Automatically generate secrets (Lambda)
  • Encrypted using KMS
  • Mostly meant for RDS integration
    (think: password manager)
13
Q

AWS Artifact (Not really a service)

A
  • Portal with on-demand access to AWS compliance documentation and AWS agreements
  • Audit or compliance
  • Artifact reports
  • Artifact Agreements (e.g. BAA, HIPAA)
  • Support internal audit or compliance
14
Q

Amazon GuardDuty

A
  • Intelligent threat discovery to protect your AWS account
  • Uses machine learning algorithms, anomaly detection, and 3rd-party data
  • One click to enable (30-day trial), nothing to install
  • Input data
    CloudTrail Events
    VPC Flow Logs
    DNS Logs
    Optional features
  • Can set up EventBridge rules
  • Good for protecting against cryptocurrency attacks
15
Q

Amazon Inspector

A
  • Automated Security Assessments
  • Reporting & integration with AWS Security Hub
  • Sends findings to Amazon EventBridge
  • Only for EC2 instances, container images, & Lambda functions
16
Q

AWS Config

A
  • Auditing and recording compliance
  • Records configurations and changes over time
  • Can store config data into S3 (analyzed by Athena)
  • Alerts through SNS
  • Per region
  • Can aggregate across regions and accounts
17
Q

Questions solved by AWS Config

A
  • Is there unrestricted SSH access to my security groups?
  • Do my buckets have public access?
  • How has my ALB configuration changed over time?
18
Q

Amazon Macie

A
  • Fully managed data security and privacy service
  • Uses machine learning and pattern matching to discover and protect sensitive data
  • Identify and alert
19
Q

AWS Security Hub

A
  • Central security tool
  • Manage security across several AWS accounts
  • Automates security checks
  • Integrated security dashboards
  • Aggregates alerts into predefined or personal findings formats from various AWS services & partner tools
20
Q

Amazon Detective

A

Analyze, investigate, and quickly identify the root cause of security issues or suspicious activities

  • Machine learning and graphs
  • Automatically collect and process events from VPC Flow Logs, CloudTrail, GuardDuty, and create a unified view
21
Q

AWS Abuse

A
  • Report suspected AWS resources used for abusive or illegal purposes
  • Spam
  • Port scanning
  • DDoS
  • Intrusion attempts
  • Hosting objectionable or copyrighted content
  • Distributing Malware
22
Q

Actions exclusive to Root User

A
  • Change account settings (name, email, root user password and access keys)
  • Close AWS account
  • Change or cancel AWS Support plan
  • Register as a seller in the Reserved Instance Marketplace
23
Q

IAM Access Analyzer

A
  • Find out which resources are shared externally
  • Define a Zone of Trust (AWS Account or Organization)
  • Access from outside the Zone of Trust is reported as a finding