SECURITY, DEPLOYMENT & OPERATIONS Flashcards
product which can manage secrets within AWS
AWS Secrets Manager
Does Secrets Manager support automatic rotation using Lambda?
Yes
Can Secrets Manager directly integrate with RDS?
Yes
Can Layer 7 Firewalls identify normal or abnormal requests?
Yes
Can Data at Layer 7 be inspected, blocked, replaced or tagged?
Yes
Are Layer 7 Firewalls able to identify, block and adjust specific applications?
Yes
Helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
web application firewall
Controls if traffic is allowed or blocked
WebACL
Can one web ACL be associated with many resources?
Yes
Can rule groups be referenced by multiple WebACLs?
Yes
Rules designed to match if something occurs
Regular Rules
Rules designed to match if something occurs at a certain rate
Rate-based Rules
managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
AWS Shield
AWS Shield is protection at the perimeter in the region or edge of the AWS network
True
Protects against Common (L3) Network Attacks or Transport (L4) Layer attacks
AWS Shield Standard
AWS Shield Advanced protections are not enabled by default and must be explicitly enabled
True
Does Shield Advanced offer cost protection for unmitigated attacks that should be stopped by Shield Advanced?
Yes
AWS Shield Response Team is a feature of Shield Advanced that contacts you when your application is affected due to a possible attack
True
Does Shield Advanced protect against Application (L7) Layer attacks?
Yes
Shield Advanced provides real-time visibility of DDoS events and attacks
True
service has multi-tenant access that uses hardware security modules that make it easy for you to create and control your encryption keys
AWS Key Management Service
True single tenant Hardware Security Module hosted in the AWS Cloud
CloudHSM
Fully FIPS 140-2 Level 3, accessed with industry-standard APIs (PKCS, JCE, CryptoNG)
CloudHSM
Can KMS use CloudHSM as a custom key store?
Yes