Security & Compliance COPY 2 Flashcards
________ works by looking for threats on your account that are associated with common techniques used by attackers.
GuardDuty
- Modify your support plan
- Modify email address
- Close your account
What can only the root user do?
Which AWS service can help you identify the network, software, and OS/system-level updates within EC2?
AWS ConfiG
In the Shared responsibility model what are the three customer’s responsibilities regarding EC2? (3)
- Patching the guest operating system
- Security controls
- Installed applications
In the Shared responsibility model what are the two of the customer’s responsibilities regarding Lamda?
- Storage of sensitive data
- IAM for permissions
Using ____ helps you protect your instances from unauthorized access.
Roles
IAM credential report: Lists all users and status of passwords, access keys, and MFA device. This is best used for _______ and _______.
auditing and compliance
______ ___allows you to meet corporate, and regulatory compliance requirements for data security by using dedicated hardware for security in the cloud.
Cloud HSM
_______ is a central repository for compliance reports from third-party auditors who have audited AWS.
Artifact
In AWS ____ can be assumed by any user or service that needs them.
Roles
- Use consumption-based pricing
- Implement cloud financial management
- Measure overall efficiency
Which pillar of the Well-Architectured framework is represented above?
Cost Optimization
_________ identifies threats by continuously monitoring network activity and account behavior within your AWS environment.
GuardDuty
Use Cases for Cost OptimIzation: You can use ___________ to automatically move your data between access tiers based on your usage patterns.
S3 Intelligent-Tiering
In the Shared responsibility model what are the two AWS responsibilities regarding Lamda?
- Operating system
- Software dependencies
- Scale horizontally for resilience
- Reduce Idle resources
- Test Recovery Procedures
Which pillar of the Well-Architectured framework is represented above?
Reliability
Which tell you to Design systems that work consistently and recover quickly
When using CloudHSM ____ does not have access to your encryption keys
AWS
- Enable MFA for privileged users.
- Implement strong password policies.
Are examples of which Service best practices?
IAM best practices
- Encrypt Data in transit and at rest
- Track who did what and when
- Automate Security Tasks
Which pillar of the Well-Architectured framework is represented above?
Security tell you to focus on putting mechanisms in place that protect your systems and data you can do this by:
___________ allows your users to sign in to your application through social media accounts like Facebook and Google.
Cognito
In AWS Users are entities you create in IAM to represent
the person or application needing access to your AWS resources.
______ _______ integrates with these 3 services:
RDS
Redshift
DocumentDB
Secrets Manager
____ ________ has built-in rules to access your EC2 instances to find vulnerabilities and report by the level of severity.
AWS Inspector
_______ identifies malicious or unauthorized activities in your AWS account using machine learning.
GuardDuty
Use Cases for Security: You can use ______ to configure central logging of all actions performed in your account
CloudTrail
