Security, Identity & Compliance Flashcards
Is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
“AWS Artifact”
• Online portal that provides access to security and compliance documentation
• Can be accessed for audit purposes
Is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
"AWS Certificate Manager" • Issues SSL certificates for Https communication with website • Integrates with • Route 53 • Cloud front • These are free
___________ enables you to build flexible, cloud-native directories for organizing hierarchies of data along multiple dimensions.
“Amazon Cloud Directory”
• Cloud-based directory services
• Online LDAP directory service, can have data in multiple dimensions
__________ for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
“Amazon Directory Services”
• Fully managed
• Microsoft Active Directory service
Is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
“AWS CloudHSM”
• Dedicated hardware security module in AWS cloud
• Allows you to meet corporate and regulatory compliance requirements
• Reduces cost as you do not need to have your own HSM
__________ enables you to securely control access to AWS services and resources for your users.
“Amazon Identity and Access Management (IAM)”
• Allows you to manage user access to AWS services and resources
• Users and groups of users have individual permissions that allow/deny access to resources
• Using this you can manage:
– IAM users and their access
– IAM roles and their permissions
– Federated users and their permissions
Amazon Organizations
- Policy-based management for multiple accounts
- Central management of access management across the enterprise
Is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
“Amazon Inspector”
• Automated security assessment service
• Identify vulnerability or areas of improvement
Is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS.
“AWS Shield”
• Protection against DDoS attacks
• Standard version is implemented on all AWS accounts
AWS Shield Advanced Features
- 24x7 access to the AWS DDoS Response Team (DRT)
- Protection against DDoS related spikes in your EC2, ELB, CloudFront, and Route 53 charges
- Additional detection and mitigation against large and sophisticated DDoS attacks
- Near real-time visibility into attacks, and integration with AWS WAF, a web application firewall
This service gives you control over which traffic to allow or block to your web application by defining customizable web security rules
AWS WAF (Web Application Firewall)
- Protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
- Create custom rules for your specific application that block common attack patterns, such as SQL injection or cross-site scripting