Security & Compliance Quiz Flashcards
According to the Shared Responsibility Model, who is responsible for firewall and network configuration for EC2 Instances?
1 - AWS
2 - The Customer
3 - AWS & The Customer
The Customer
The customer is responsible for firewall and network configuration. Customers are responsible for “Security IN the Cloud”, which also includes server-side encryption, client-side data protection, customer data protection, etc.
A company would like to protect its web applications from common web exploits that may affect availability, compromise security, or consume excessive resources. Which AWS service should they use?
1 - Auto Scaling Group (ASG)
2 - Shield
3 - CloudHSM
4 - Web Application Firewall (WAF)
Web Application Firewall (WAF)
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Where can you find on-demand access to AWS compliance documentation and AWS agreements?
1 - Artifact
2 - Personal Health Dashboard
3 - Secrets Manager
4 - Shared Responsibility Model
Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you.
You can perform any kind of penetration testing on any AWS service without prior approval.
TRUE or FALSE
FALSE
Penetration Testing is allowed without prior approval on 8 services. DDoS, port flooding and protocol flooding are examples of prohibited activities.
According to the Shared Responsibility Model, who is responsible for Patch Management?
1 - AWS
2 - The Customer
3 - AWS & The Customer
AWS & The Customer
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Shared controls also include Configuration Management, and Awareness and Training.
Which of the following services is managed by AWS and is used to manage encryption keys?
1 - CloudHSM
2 - Secrets Manager
3 - KMS
4 - IAM
KMS
AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. It is managed by AWS.
A company would like to automate security on EC2 instances to assess security and vulnerabilities in these instances. Which AWS service should it use?
1 - Config
2 - Trusted Advisor
3 - Inspector
4 - Systems Manager
Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances.
According to the Shared Responsibility Model, who is responsible for protecting hardware?
1 - AWS
2 - The Customer
3 - AWS & The Customer
AWS
AWS is responsible for protecting hardware. AWS is responsible for “Security OF the Cloud”. AWS is also responsible for the infrastructure that runs all services in the AWS Cloud, etc.
Which AWS service’s ONLY role is to safeguard running applications from DDoS attacks?
1 - WAF
2 - Shield
3 - CloudFront
4 - KMS
Shield
Shield is only used to safeguard running applications from DDoS attacks.
You want to record configurations and changes over time. Which service allows you to do this?
1 - Config
2 - Inspector
3 - GuardDuty
4 - Secrets Manager
Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Which service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?
1 - KMS
2 - WAF
3 - Inspector
4 - GuardDuty
GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.