Security Products Flashcards

1
Q

Which of the following services can alert you to malware on an EC2 instance?

A. AWS GuardDuty
B. AWS Inspector
C. AWS Shield
D. AWS Web Application Firewall

A

A. GuardDuty looks for potentially malicious activity.

Inspector looks for vulnerabilities that may result in compromise.

Shield and Web Application Firewall protect applications from attack.

2
Q

What does GuardDuty monitor?

A
  • VPC flow logs
  • CloudTrail management event logs
  • Route 53 DNS query logs
3
Q

What is the target of GuardDuty findings?

A
  • Inappropriate use of AWS credentials
  • The presence of malware on an EC2 instance (e.g. Trojan, Cryptocurrency)

4
Q

What is Amazon Inspector?

A

Amazon Inspector is an agent-based service that looks for vulnerabilities on your EC2 instance.

5
Q

What is Amazon Detective?

A

Amazon Detective takes information from VPC flow logs, CloudTrail, and GuardDuty and places this information into a graph database.

Detective is designed to help you correlate events and see how a given event affects particular resources.

6
Q

What is Security Hub?

A

Security Hub collects security information from various AWS services, including Inspector, GuardDuty, and Macie. In addition, Security Hub assesses your account against AWS security best practices and the Payment Card Industry Data Security Standard (PCI DSS).

7
Q

What is the difference between AWS Shield Standard and Advanced?

A
  • Standard: defends against layer 3/4 DDoS attacks
  • Advanced: defends against layer 7 DDoS attacks; protects specific EC2 instances; access to the AWS DDoS team; AWS WAF is included at no charge
8
Q

How long does it take for Shield to mitigate DDoS attacks?

A
  • 99% of attacks are mitigated in 5 minutes or less
  • Attacks against CloudFront and Route 53 are mitigated in under 1 second
  • Attacks against ELB are mitigated in under 5 minutes
  • All other attacks: 20 minutes
9
Q

Can you directly encrypt a volume at rest?

A

No. Instead:

  • Create a snapshot from the volume
  • Copy the snapshot with encryption enabled.
  • Create a new volume with the encrypted snapshot
10
Q

What is Macie?

A

Macie is a service that automatically locates and classifies your sensitive data in S3 buckets.

11
Q

Can you encrypt an existing EFS system?

A

No, the only option to encrypt the data using KMS is to create a new EFS filesystem and copy the data to it.

12
Q

What are the typical DDoS attacks?

A
  • Application layer (HTTP flood)
  • Transport layer (SYN flood)
  • DNS Amplification