SECURITY, DEPLOYMENT & OPERATIONS Flashcards

1
Q

product which can manage secrets within AWS

A

AWS Secrets Manager

2
Q

Does Secrets Manager support automatic rotation using Lambda?

A

Yes

3
Q

Can Secrets Manager directly integrate with RDS?

A

Yes

4
Q

Can Layer 7 firewalls identify normal or abnormal requests?

A

Yes

5
Q

Can data at Layer 7 be inspected, blocked, replaced or tagged?

A

Yes

6
Q

Are Layer 7 firewalls able to identify, block and adjust specific applications?

A

Yes

7
Q

Helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.

A

web application firewall

8
Q

Controls if traffic is allowed or blocked

A

WebACL

9
Q

Can one web ACL be associated with many resources?

A

Yes

10
Q

Can rule groups be referenced by multiple WebACLs?

A

Yes

11
Q

Rules designed to match if something occurs

A

Regular Rules

12
Q

Rules designed to match if something occurs at a certain rate

A

Rate-based Rules

13
Q

Managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS

A

AWS Shield

14
Q

AWS Shield is protection at the perimeter in the region or edge of the AWS network

A

True

15
Q

Protects against Common (L3) Network Attacks or Transport (L4) Layer attacks

A

AWS Shield Standard

16
Q

AWS Shield Advanced protections are not enabled by default and must be explicitly enabled

A

True

17
Q

Does Shield Advanced offer cost protection for unmitigated attacks that should be stopped by Shield Advanced?

18
Q

AWS Shield Response Team is a feature of Shield Advanced that contacts you when your application is affected due to a possible attack

19
Q

Does Shield Advanced protect against Application (L7) Layer attacks?

20
Q

Shield Advanced provides real-time visibility of DDoS events and attacks

21
Q

Service with multi-tenant access that uses hardware security modules, making it easy for you to create and control your encryption keys

A

AWS Key Management Service

22
Q

True single tenant Hardware Security Module hosted in the AWS Cloud

23
Q

Fully FIPS 140-2 Level 3, accessed with industry-standard APIs (PKCS, JCE, CryptoNG)

24
Q

Can KMS use CloudHSM as a custom key store?

25
Q

Does CloudHSM have native AWS integration?

A

No

26
Q

Can CloudHSM be used for offloading the SSL/TLS processing for web servers?

A

Yes

27
Q

Can CloudHSM enable Transparent Data Encryption for Oracle Databases?

A

Yes

28
Q

Can CloudHSM protect the private keys for an issuing Certificate Authority?

A

Yes

29
Q

Primary job is to record configuration changes over time on resources, used for auditing changes and compliance with standards

A

AWS Config

30
Q

Can AWS Config support cross-region and cross-account?

A

Yes

31
Q

Can AWS Config generate SNS notifications and near-real-time events with Lambda & EventBridge?

A

Yes

32
Q

Data security and data privacy service used to discover, monitor and protect data stored in S3 buckets.

A

Amazon Macie

33
Q

Used for automated discovery of PII, PHI, finance data

A

Amazon Macie

34
Q

Scans EC2 instances, the instance OS, or containers for vulnerabilities and deviations against best practices

A

Amazon Inspector

35
Q

Provides a report of findings of vulnerabilities and deviations ordered by priority

A

Amazon Inspector

36
Q

Does a network assessment in Amazon Inspector use an Agent?

A

No

37
Q

Does a Network and Host Assessment use an Agent?

A

Yes

38
Q

Is an Inspector agent required for package assessments such as common vulnerabilities and exposures (CVE) or Center for Internet Security (CIS) Benchmarks?

A

Yes

39
Q

Continuous security monitoring service that analyses supported data sources

A

Amazon GuardDuty

40
Q

Identifies unexpected and unauthorised activity

A

Amazon GuardDuty