Security & Compliance COPY 2

Question 1

________ works by looking for threats on your account that are associated with common techniques used by attackers.

Answer 1

GuardDuty

Question 2

• Modify your support plan
• Modify email address
• Close your account

Answer 2

What can only the root user do?

Question 3

Which AWS service can help you identify the network, software, and OS/system-level updates within EC2?

Answer 3

AWS ConfiG

Question 4

In the Shared responsibility model what are the three customer’s responsibilities regarding EC2? (3)

Answer 4

• • Patching the guest operating system
• • Security controls
• • Installed applications

Question 5

In the Shared responsibility model what are the two of the customer’s responsibilities regarding Lamda?

Answer 5

• Storage of sensitive data
• IAM for permissions

Question 6

Using ____ helps you protect your instances from unauthorized access.

Answer 6

Roles

Question 7

IAM credential report: Lists all users and status of passwords, access keys, and MFA device. This is best used for _______ and _______.

Answer 7

auditing and compliance

Question 8

______ ___allows you to meet corporate, and regulatory compliance requirements for data security by using dedicated hardware for security in the cloud.

Answer 8

Cloud HSM

Question 9

_______ is a central repository for compliance reports from third-party auditors who have audited AWS.

Answer 9

Artifact

Question 10

In AWS ____ can be assumed by any user or service that needs them.

Answer 10

Roles

Question 11

• • Use consumption-based pricing
• • Implement cloud financial management
• • Measure overall efficiency

Which pillar of the Well-Architectured framework is represented above?

Answer 11

Cost Optimization

Question 12

_________ identifies threats by continuously monitoring network activity and account behavior within your AWS environment.

Answer 12

GuardDuty

Question 13

Use Cases for Cost OptimIzation: You can use ___________ to automatically move your data between access tiers based on your usage patterns.

Answer 13

S3 Intelligent-Tiering

Question 14

In the Shared responsibility model what are the two AWS responsibilities regarding Lamda?

Answer 14

• Operating system
• Software dependencies

Question 15

• Scale horizontally for resilience
• Reduce Idle resources
• Test Recovery Procedures

Which pillar of the Well-Architectured framework is represented above?

Answer 15

Reliability

Which tell you to Design systems that work consistently and recover quickly

Question 16

When using CloudHSM ____ does not have access to your encryption keys

Answer 16

AWS

Question 17

• Enable MFA for privileged users.
• Implement strong password policies.

Are examples of which Service best practices?

Answer 17

IAM best practices

Question 18

• Encrypt Data in transit and at rest
• Track who did what and when
• Automate Security Tasks

Which pillar of the Well-Architectured framework is represented above?

Answer 18

Security tell you to focus on putting mechanisms in place that protect your systems and data you can do this by:

Question 19

___________ allows your users to sign in to your application through social media accounts like Facebook and Google.

Answer 19

Cognito

Question 20

In AWS Users are entities you create in IAM to represent

Answer 20

the person or application needing access to your AWS resources.

Question 21

______ _______ integrates with these 3 services:

RDS
Redshift
DocumentDB

Answer 21

Secrets Manager

Question 22

____ ________ has built-in rules to access your EC2 instances to find vulnerabilities and report by the level of severity.

Answer 22

AWS Inspector

Question 23

_______ identifies malicious or unauthorized activities in your AWS account using machine learning.

Answer 23

GuardDuty

Question 24

Use Cases for Security: You can use ______ to configure central logging of all actions performed in your account

Answer 24

CloudTrail

Question 25

A _____ is a collection of IAM users that helps you apply common access controls to all group members.

Answer 25

Group

Question 26

Use Cases for Reliability: You can use ______ ______ for enhanced availability and reliability of RDS databases.

Answer 26

Multi-AZ deployments

Question 27

What are the 2 AWS responsibilities regarding EC2 instances?

Answer 27

• Patching the host operating system
• Security of the physical server

Question 28

Use Cases for Performance Efficiency: You can use ___ _____ to run code with zero administration.

Answer 28

AWS Lambda

Question 29

___ _________ controls access to mobile and web applications by assisting with user Sign-up and sign-in & Provides authentication and authorization

Answer 29

AWS Cognito

Question 30

AWS Policies help you manage permissions for IAM users, groups, and roles by creating a policy document in ____ ______ and attaching it.

Answer 30

JSON format

Question 31

___ __________ is a service that checks applications for security vulnerabilities and deviations from security best practices.

Answer 31

AWS Inspector

Question 32

What service helps to improve the security and compliance of applications by running automated security assessments?

Answer 32

Amazon Inspector

Question 33

is a Hardware Security Module (HSM) used to generate and manage your own _____ ______.

Answer 33

CloudHSM

Question 34

Real-world use cases for IAM: Using Roles help you avoid sharing long-term credentials

Answer 34

like access keys

Question 35

From within ___ ________ you can review, accept, and manage agreements with AWS.

Answer 35

AWS Artifact

Question 36

______________ involves the effective use of computing resources to meet system and business needs while removing bottlenecks.

Answer 36

Performance Efficiency

Question 37

________ ________ allows you to manage and retrieve secrets (passwords or keys).

Answer 37

Secrets Manager

Question 38

Do not confuse security groups for EC2 with IAM groups. EC2 security groups acts as…

Answer 38

firewalls, while IAM groups are collections of users.

Question 39

Operational Excellence involves Creating applications that support production workloads 3 key takeaways are

Answer 39

• Script Operations as Code
• Plan for failure
• Deploy Smaller reversible changes

Question 40

• Create individual users instead of using root.
• Use roles for Amazon EC2 instances.

Answer 40

IAM Best Practices

Question 41

The 5 pillars of the Well-Architected Framework describe design principles and best practices for running workloads in the cloud. They are:

C.O.R.P.S.

Answer 41

• Cost OptimIzation
• Operational Excellence
• Reliability
• Performance Efficiency
• Security