Security Deployment and OPS Flashcards
How can you interact with Secrets Manager?
Console, CLI, API or the SDKs (application integration)
Benefits of Secrets Manager
Supports automatic rotation using a Lambda function
Integrates directly with some AWS products
(e.g. RDS: Secrets Manager rotates the database credentials stored in the secret and updates the user's password on the RDS instance; it does not rotate the instance itself)
What is the main use case for AWS Shield?
Provides AWS resources with protection against Layer 3 and Layer 4 (network and transport layer) DDoS attacks
What does AWS Shield Standard cover?
Enabled automatically at no extra cost; the flashcard scope is Route 53 and CloudFront
What other resources does AWS Shield Advanced cover?
Extends protection to other AWS resources: EC2 (Elastic IPs), ELB, CloudFront, Global Accelerator and Route 53
Also provides access to the Shield Response Team (formerly the DDoS Response Team) and cost protection (credits for scaling charges incurred during an attack)
What does AWS WAF stand for and what is it used for?
Web Application Firewall
Layer 7 (HTTP/S) firewall
Protects against complex Layer 7 attacks and exploits
What kind of attacks or traffic does WAF protect against?
SQL injection
Cross-site scripting (XSS)
Geo blocking (geo-match rules that block or allow by the request's country of origin)
Rate-based rules (block an IP that exceeds a request threshold within a rolling time window, 5 minutes by default)
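Added example (not from the flashcards, and not AWS WAF's engine or rule syntax): a miniature web ACL that evaluates the four rule types named above, in first-match order, over constructed sample requests. The regexes, the blocked-country set and the rate limit are illustrative assumptions; real WAF managed rule groups match far more thoroughly.

```python
import re
from collections import defaultdict, deque

# Rough signatures for the two injection classes (assumption: illustrative only).
SQLI_PATTERN = re.compile(r"(?i)(union\s+select|\bor\s+1\s*=\s*1|;\s*drop\s+table|'\s*or\s*')")
XSS_PATTERN = re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)")
BLOCKED_COUNTRIES = {"KP", "IR"}          # geo-match rule (assumption)
RATE_LIMIT, RATE_WINDOW = 100, 300        # rate-based rule: more than 100 requests per 5 minutes


class MiniWaf:
    """Evaluates rules in priority order; the first matching rule decides, like a web ACL."""

    def __init__(self, rate_limit=RATE_LIMIT, window=RATE_WINDOW):
        self.rate_limit, self.window = rate_limit, window
        self.hits = defaultdict(deque)    # source IP -> timestamps inside the window

    def _over_rate(self, ip, ts):
        q = self.hits[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:   # slide the window forward
            q.popleft()
        return len(q) > self.rate_limit

    def evaluate(self, req):
        """req: dict with ip, country, path, and optional query/body/headers, plus ts (seconds).
        Returns (action, rule_name)."""
        if req.get("country") in BLOCKED_COUNTRIES:
            return "BLOCK", "GeoBlock"
        if self._over_rate(req["ip"], req["ts"]):
            return "BLOCK", "RateLimit"
        inspected = " ".join([req.get("path", ""), req.get("query", ""), req.get("body", ""),
                              " ".join(req.get("headers", {}).values())])
        if SQLI_PATTERN.search(inspected):
            return "BLOCK", "SQLi"
        if XSS_PATTERN.search(inspected):
            return "BLOCK", "XSS"
        return "ALLOW", None


SAMPLE_REQUESTS = [  # constructed
    {"ip": "203.0.113.5", "country": "US", "path": "/login", "query": "user=bob", "ts": 0},
    {"ip": "203.0.113.5", "country": "US", "path": "/search", "query": "q=' OR '1'='1", "ts": 1},
    {"ip": "203.0.113.6", "country": "US", "path": "/comment", "body": "<script>alert(1)</script>", "ts": 2},
    {"ip": "198.51.100.9", "country": "KP", "path": "/", "ts": 3},
]


def run(requests, waf=None):
    """Evaluate a sequence of requests against one WAF instance (state matters for rate rules)."""
    waf = waf or MiniWaf()
    return [waf.evaluate(r) for r in requests]


def flood(ip, n, start=0):
    """Constructed burst of n benign-looking requests from one IP, one per second."""
    return [{"ip": ip, "country": "US", "path": "/api", "ts": start + i} for i in range(n)]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, run(SAMPLE_REQUESTS)):
        print(req["ip"], req["path"], verdict)
    waf = MiniWaf(rate_limit=10, window=60)
    print("11th request in a burst:", run(flood("192.0.2.1", 11), waf)[-1])
```

Rule order matters in the same way it does in a real web ACL: the geo and rate rules are cheap and run first, so a flood from a blocked country never reaches the regex inspection.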
What AWS services can WAF be integrated with?
ALB
API Gateway
CloudFront
(also AppSync GraphQL APIs and Cognito user pools)
What is CloudHSM?
A hardware appliance that creates, manages and secures cryptographic material (keys)
AWS provisioned, but fully customer managed (AWS has no access to the key material)
How does CloudHSM differ from KMS?
True single-tenant hardware security module (HSM): the device is dedicated to you and not shared under the hood, and it is isolated from Amazon
FIPS 140-2 Level 3 validated throughout
KMS was Level 2 overall with some Level 3 components when these cards were written (AWS has since had the KMS HSMs validated at Level 3 too, so the single-tenant isolation is the durable difference)
What is the benefit of using CloudHSM with KMS?
KMS can use a CloudHSM cluster as a custom key store, so KMS keys are generated and stored in your own single-tenant HSMs while applications keep using the KMS API
What are some main use cases for CloudHSM?
Offload SSL/TLS processing (private key operations) from web servers
Enable Transparent Data Encryption (TDE) for Oracle databases
Protect the private keys of an issuing certificate authority (CA)
AWS Config
Records configuration changes to resources over time
Auditing of changes, evaluation of compliance against standards (Config rules)
Does not by itself prevent changes from happening: it is detective, not preventive (a rule can trigger remediation, e.g. an SSM Automation document, only after the change has been recorded)
AWS Config resiliency
Regional service; supports cross-region and cross-account aggregation
What AWS services can AWS Config be integrated with?
Changes can generate SNS notifications and near-real-time events via EventBridge and Lambda
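Added example (not from the flashcards) of the EventBridge and Lambda path. EVENT_PATTERN has the shape of an EventBridge rule pattern that selects Config rule compliance changes to NON_COMPLIANT; SAMPLE_EVENT is a constructed event in the same shape; lambda_handler turns a regression into a message ready to hand to SNS. The actual sns.publish call is omitted so the code runs offline, and matches() is a deliberately minimal imitation of EventBridge pattern matching (an assumption, not the service's matcher).

```python
import json

# EventBridge rule pattern: leaf lists mean "value is one of these".
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}

SAMPLE_EVENT = {  # constructed; a security group that just started allowing 0.0.0.0/0 on port 22
    "version": "0", "id": "0000-example", "source": "aws.config",
    "detail-type": "Config Rules Compliance Change",
    "account": "123456789012", "region": "us-east-1", "time": "2024-01-01T00:00:00Z",
    "resources": [],
    "detail": {
        "awsAccountId": "123456789012", "awsRegion": "us-east-1",
        "configRuleName": "restricted-ssh",
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",
        "oldEvaluationResult": {"complianceType": "COMPLIANT"},
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT",
                                "resultRecordedTime": "2024-01-01T00:00:00Z"},
        "messageType": "ComplianceChangeNotification",
    },
}


def matches(pattern, event):
    """Minimal EventBridge-style matching: nested dicts recurse, leaf lists are
    'one of', and a key missing from the event never matches."""
    for key, want in pattern.items():
        if key not in event:
            return False
        if isinstance(want, dict):
            if not isinstance(event[key], dict) or not matches(want, event[key]):
                return False
        elif event[key] not in want:
            return False
    return True


def lambda_handler(event, context=None):
    """Return the fields of an SNS notification for a compliance regression,
    or None when the event should be ignored."""
    if not matches(EVENT_PATTERN, event):
        return None
    d = event["detail"]
    previous = (d.get("oldEvaluationResult") or {}).get("complianceType", "UNKNOWN")
    if previous == "NON_COMPLIANT":
        return None                        # re-evaluation of a known finding, not a new regression
    return {
        "subject": f"[Config] {d['configRuleName']} NON_COMPLIANT: {d['resourceId']}",
        "account": d["awsAccountId"],
        "region": d["awsRegion"],
        "rule": d["configRuleName"],
        "resourceType": d["resourceType"],
        "resourceId": d["resourceId"],
        "previous": previous,
        "recordedAt": d["newEvaluationResult"].get("resultRecordedTime"),
    }


def to_sns_message(fields):
    """Serialize the handler's result the way it would be passed as the SNS Message body."""
    return json.dumps({k: v for k, v in fields.items() if k != "subject"}, sort_keys=True)


if __name__ == "__main__":
    result = lambda_handler(SAMPLE_EVENT)
    print(result["subject"])
    print(to_sns_message(result))
```

The pattern filters at the EventBridge layer so the function is only invoked for regressions; the handler still re-checks and drops NON_COMPLIANT to NON_COMPLIANT re-evaluations, which otherwise produce duplicate pages for the same finding.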