Security, Deployment, Ops Flashcards
What advantage does AWS Secrets Manager provide over SSM Parameter Store?
AWS Secrets Manager supports automatic rotation
What two services automatically come with AWS Shield Standard?
Route53 and CloudFront
What is the type of attack AWS Shield protects against?
DDoS
What do you need if you want DDoS protection for EC2, ELB, or Global Accelerator?
Shield Advanced! $3k per month.
What does WAF stand for?
Web Application Firewall
What types of attacks does WAF help guard against?
Common web-layer (layer 7) attacks: SQL injection, cross-site scripting
With WAF, what is used to evaluate rules against arriving traffic?
Web ACL - Web Access Control List.
Where is CloudHSM deployed to?
A VPC.
Why might you want to use CloudHSM over KMS?
You want encryption keys that are solely managed by your organization
What does AWS Config provide audits of?
Configuration changes on resources and compliance with standards.
What might you use for automatic resource remediation if AWS Config detects a problem?
EventBridge to invoke a Lambda function.
What AWS service enables discovery, monitoring, and protection of data stored in S3 buckets?
Amazon Macie
True or False: It is possible to use custom data identifiers with Macie.
True
What AWS service does Amazon Inspector inspect?
EC2 instances and the instance OS
What does Amazon Inspector ultimately do after inspecting an EC2 instance?
Provides a report of findings ordered by priority. Makes recommendations based on best practices.