Security & Compliance COPY 2 Flashcards
________ works by looking for threats on your account that are associated with common techniques used by attackers.
GuardDuty
- Modify your support plan
- Modify email address
- Close your account
What can only the root user do?
Which AWS service can help you identify the network, software, and OS/system-level updates within EC2?
AWS Config
In the shared responsibility model, what are three of the customer's responsibilities regarding EC2? (3)
- Patching the guest operating system
- Security controls
- Installed applications
In the shared responsibility model, what are two of the customer's responsibilities regarding Lambda?
- Storage of sensitive data
- IAM for permissions
Using ____ helps you protect your instances from unauthorized access.
Roles
IAM credential report: Lists all users and status of passwords, access keys, and MFA device. This is best used for _______ and _______.
auditing and compliance
______ ___ allows you to meet corporate and regulatory compliance requirements for data security by using dedicated hardware for security in the cloud.
Cloud HSM
_______ is a central repository for compliance reports from third-party auditors who have audited AWS.
Artifact
In AWS ____ can be assumed by any user or service that needs them.
Roles
- Use consumption-based pricing
- Implement cloud financial management
- Measure overall efficiency
Which pillar of the Well-Architected Framework is represented above?
Cost Optimization
_________ identifies threats by continuously monitoring network activity and account behavior within your AWS environment.
GuardDuty
Use Cases for Cost Optimization: You can use ___________ to automatically move your data between access tiers based on your usage patterns.
S3 Intelligent-Tiering
In the shared responsibility model, what are the two AWS responsibilities regarding Lambda?
- Operating system
- Software dependencies
- Scale horizontally for resilience
- Reduce Idle resources
- Test Recovery Procedures
Which pillar of the Well-Architected Framework is represented above?
Reliability
Which tells you to design systems that work consistently and recover quickly
When using CloudHSM, ____ does not have access to your encryption keys.
AWS
- Enable MFA for privileged users.
- Implement strong password policies.
Are examples of which service's best practices?
IAM best practices
- Encrypt Data in transit and at rest
- Track who did what and when
- Automate Security Tasks
Which pillar of the Well-Architected Framework is represented above?
Security tells you to focus on putting mechanisms in place that protect your systems and data. You can do this by:
___________ allows your users to sign in to your application through social media accounts like Facebook and Google.
Cognito
In AWS, users are entities you create in IAM to represent
the person or application needing access to your AWS resources.
______ _______ integrates with these 3 services:
RDS
Redshift
DocumentDB
Secrets Manager
____ ________ has built-in rules to access your EC2 instances to find vulnerabilities and report by the level of severity.
AWS Inspector
_______ identifies malicious or unauthorized activities in your AWS account using machine learning.
GuardDuty
Use Cases for Security: You can use ______ to configure central logging of all actions performed in your account.
CloudTrail
A _____ is a collection of IAM users that helps you apply common access controls to all group members.
Group
Use Cases for Reliability: You can use ______ ______ for enhanced availability and reliability of RDS databases.
Multi-AZ deployments
What are the 2 AWS responsibilities regarding EC2 instances?
- Patching the host operating system
- Security of the physical server
Use Cases for Performance Efficiency: You can use ___ _____ to run code with zero administration.
AWS Lambda
___ _________ controls access to mobile and web applications by assisting with user sign-up and sign-in, and provides authentication and authorization.
AWS Cognito
AWS Policies help you manage permissions for IAM users, groups, and roles by creating a policy document in ____ ______ and attaching it.
JSON format
___ __________ is a service that checks applications for security vulnerabilities and deviations from security best practices.
AWS Inspector
What service helps to improve the security and compliance of applications by running automated security assessments?
Amazon Inspector
is a Hardware Security Module (HSM) used to generate and manage your own _____ ______.
CloudHSM
Real-world use cases for IAM: Using roles helps you avoid sharing long-term credentials
like access keys
From within ___ ________ you can review, accept, and manage agreements with AWS.
AWS Artifact
______________ involves the effective use of computing resources to meet system and business needs while removing bottlenecks.
Performance Efficiency
________ ________ allows you to manage and retrieve secrets (passwords or keys).
Secrets Manager
Do not confuse security groups for EC2 with IAM groups. EC2 security groups act as…
firewalls, while IAM groups are collections of users.
Operational Excellence involves creating applications that support production workloads. 3 key takeaways are:
- Script Operations as Code
- Plan for failure
- Deploy smaller, reversible changes
- Create individual users instead of using root.
- Use roles for Amazon EC2 instances.
IAM Best Practices
The 5 pillars of the Well-Architected Framework describe design principles and best practices for running workloads in the cloud. They are:
C.O.R.P.S.
- Cost Optimization
- Operational Excellence
- Reliability
- Performance Efficiency
- Security