Security & Compliance Flashcards

1
Q

What is the Shared Responsibility Model?

A

Simplified Definition:
The Shared Responsibility Model defines what you (as an AWS account holder/user) and Amazon Web Services are responsible for when it comes to security and compliance.

AWS Definition:
Security and compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer's operational burden, as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility for and management of the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS-provided security group firewall.

2
Q

What is the customer responsible for under the Shared Responsibility Model?

A

Customer is responsible for security “in” the cloud. Includes:

  • Customer data.
  • Platform, applications, identity and access management.
  • Operating system, network, & firewall configuration.
  • Client-side data encryption & data integrity authentication.
  • Server-side encryption (file system and/or data).
  • Network traffic protection (encryption, integrity, identity).
3
Q

What is AWS responsible for under the Shared Responsibility Model?

A

AWS is responsible for security “of” the cloud:

  • Software, including compute, storage, database, and networking.
  • Hardware/AWS Global Infrastructure, including regions, availability zones, and edge locations.
4
Q

For which 8 services does Amazon allow customers to carry out security assessments or penetration tests without prior approval?

A
  1. EC2 instances, NAT Gateways, and Elastic Load Balancers.
  2. RDS
  3. CloudFront
  4. Aurora
  5. API Gateways
  6. Lambda and Lambda Edge functions
  7. Lightsail resources
  8. Elastic Beanstalk environments
5
Q

Which security assessments or penetration tests does Amazon NOT allow customers to carry out?

A
  1. DNS zone walking via Route 53 hosted zones.
  2. Denial of Service (DoS), distributed denial of service (DDoS), simulated DoS, simulated DDoS
  3. Port flooding
  4. Protocol flooding
  5. Request flooding (login request flooding, API request flooding)
6
Q

What are 6 other AWS security-related services?

A
  1. AWS Organizations
  2. Amazon GuardDuty
  3. Amazon Inspector
  4. AWS Shield
  5. AWS Web Application Firewall (WAF)
  6. AWS Artifact
7
Q

What is AWS Organizations?

A

AWS Organizations allows for centralized management of AWS accounts and billing, but it can also define policies that restrict, at the account level, what services and actions member accounts may take.

8
Q

What is Amazon GuardDuty?

A

Amazon GuardDuty is a threat detection service that provides a way to continuously monitor and protect AWS accounts and workloads. GuardDuty uses threat intelligence feeds to detect threats to the environment. GuardDuty is designed to actively protect the environment from threats.

9
Q

What is Amazon Inspector?

A

Amazon Inspector analyzes the VPC environment for potential security issues. Inspector uses a defined template and assesses the environment. It provides the findings and recommends steps to resolve any potential security issues found.

10
Q

What is AWS Shield?

A

AWS Shield provides managed DDoS protection. DDoS attacks happen when multiple compromised systems attempt to flood a target with traffic. That target could be DNS, a web application, or a network.

11
Q

What is AWS Web Application Firewall (WAF)?

A

WAF monitors web requests forwarded by an ELB, CloudFront, or API Gateway. WAF can allow or deny access to content based on specified conditions.

12
Q

What is AWS Artifact?

A

AWS Artifact is a portal that provides access to AWS’ compliance documentation, such as payment card industry (PCI) and ISO certifications, and System and Organization Control (SOC) reports.

13
Q

What does KMS stand for?

A

Key Management Service

14
Q

What is Key Management Service (KMS)?

A

AWS KMS enables encryption of data and provides centralized encryption key storage, management, and auditing. The data may be encrypted for use with applications or to encrypt data stored on AWS.

15
Q

Key facts about KMS?

A

Key Management Service (KMS):

  • Keys may be generated in KMS, in an AWS CloudHSM hardware cluster, or you may import keys from your own encryption key service.
  • Data is submitted directly to KMS for encryption/decryption using the master keys.
  • KMS integrates with other AWS services, including:
      • S3 and Glacier
      • Storage Gateway
      • EBS and RDS
      • DynamoDB
      • SNS
      • CloudTrail