Security, Identity & Compliance

Question 1

Allows you to manage users and their levels of access to the AWS resources.

Answer 1

IAM (Identity and Access Management)

Question 2

Used for device authentication / OAuth service. This service provides end users temporary access to AWS resources.

Answer 2

Cognition

Question 3

Used to monitor for malicious activity on your AWS account.

Answer 3

Guard Duty

Question 4

An agent installed on your virtual machine, and you can run tests for security vulnerabilities etc.

Answer 4

Inspector

Question 5

Check your entire suite of applications for personally identifiable information. It is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

Answer 5

Macie

Question 6

Give certificates to any domain you have registered via AWS/Routes 53. This also helps in maintaining and updating certificates that are about to expire.

Answer 6

Certificate Manager

Question 7

Dedicated hardware to store your hardware private and public keys, that are used to securely access your application/EC2 instances. You can also store a variety of exception keys.

Answer 7

Cloud HSMHardware Security Module

Question 8

Integrates your Microsoft active directory services with AWS services.

Answer 8

Directory Services

Question 9

Sits in front of your web server and it mitigates against injection, cross-scripting. WAF primarily protects your application layer from any malicious attacks.

Answer 9

WAF – Web Application Firewall

Question 10

A DDoS mitigation service that prevents DDoS Attacks. Come by default with your load balancers, cloud front, and Route 53.

Answer 10

Shield

Question 11

AWS will not charge you for any auto-scaling or added utilization of the AWS services during the DDOS attack.

Answer 11

Advance Shield

Question 12

It is used for compliance and audit. Gives access to AWS SOC 1, 2, 3, PCI reports, etc. And provides on-demand access to AWS’ security posture.

Answer 12

Artifact