Security, Identity, and Compliance

Question 1

Lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and save data locally on users’ devices, allowing your applications to work even when the devices are offline

Answer 1

Amazon Cognito

Question 2

Enables you to build flexible, cloud-native directories for organizing hierarchies of data along multiple dimensions

Answer 2

Amazon Cloud Directory

Question 3

Makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigation

Answer 3

Amazon Detective

USE CASE: Can analyze trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty, and automatically creates a unified, interactive view of your resources, users, and the interactions between them over time

Question 4

Threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads

Answer 4

Amazon GuardDuty

USE CASE: It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers. It identifies suspected attackers through integrated threat intelligence feeds and uses machine learning to detect anomalies in account and workload activity.

Question 5

An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Automatically assesses applications for exposure, vulnerabilities, and deviations from best practices

Answer 5

Amazon Inspector

Question 6

Security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

Answer 6

Amazon Macie

USE CASE: Recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.

Question 7

Central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

Answer 7

AWS Artifact

Question 8

Helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards

Answer 8

AWS Audit Manager

USE CASE: automates evidence collection to reduce the “all hands on deck” manual effort that often happens for audits and enable you to scale your audit capability in the cloud as your business grows. With Audit Manager, it is easy to assess if your policies, procedures, and activities – also known as controls – are operating effectively.

Question 9

Service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

Answer 9

AWS Certificate Manager

Question 10

Cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Answer 10

AWS CloudHSM

Question 11

Microsoft Active Directory, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud

Answer 11

AWS Directory Service

Question 12

A security management service that makes it easier to centrally configure and manage AWS WAF rules across your accounts and applications.

Answer 12

AWS Firewall Manager

USE CASE: you can easily roll out AWS WAF rules for your Application Load Balancers and Amazon CloudFront

Question 13

IAM allows you to do the following:

Answer 13

1. Manage IAM users and their access
2. Manage IAM roles and their permissions
3. Manage federated users and their permissions

Question 14

Makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications.

Answer 14

AWS Key Management Service

Question 15

Managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs)

Answer 15

AWS Network Firewall

USE CASE: lets you define firewall rules that give you fine-grained control over network traffic, such as blocking outbound Server Message Block
(SMB) requests to prevent the spread of malicious activity. You can also import rules

Question 16

Helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, and with IAM roles and IAM users for supported resource types.

Answer 16

AWS Resource Access Manager

Question 17

Helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle

Answer 17

AWS Secrets Manager

Question 18

Gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.

Answer 18

AWS Security Hub

USE CASE: single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions

Question 19

SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications

Answer 19

AWS Single Sign-On

• you can easily manage SSO access and user permissions to all of your accounts in AWS Organizations centrally.

Question 20

Web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources

Answer 20

AWS WAF

USE CASE: gives you control over which traffic to allow or block, includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules