Security - Protecting network and host-level boundaries Flashcards

1
Q

EC2 - Security groups considerations 1

A
  • Host-level boundary, applied at the ENI level
  • Stateful: tracks the state of the connections to and from your instance. Reply traffic is automatically allowed even if there is no corresponding outbound rule, and vice versa
  • Can specify allow rules, but not deny rules
  • The rules are unnumbered; there is no priority
2
Q

EC2 - Security groups considerations 2

A
  • The default security group allows all inbound and all outbound traffic
  • A custom security group, by default, denies all inbound traffic, but all outbound traffic is allowed
  • Security groups are associated with an ENI. If you change the security group of an instance, the security group of the primary ENI also changes
3
Q

EC2 - Instance profiles

A
  • Allows passing an IAM role to an EC2 instance
  • For example, with an IAM role your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use
4
Q

VPC - Network ACLs considerations 1

A
  • Network-level boundary, applied at the subnet level
  • Stateless: responses to allowed inbound traffic are subject to the rules for outbound traffic, and vice versa
  • The rules are numbered and processed in ascending order
  • Have explicit allow / deny rules
5
Q

VPC - Network ACLs considerations 2

A
  • The default NACL allows all inbound and all outbound traffic
  • A custom NACL, by default, denies all inbound and all outbound traffic
  • Can associate them with multiple subnets, but a subnet can be associated with only one NACL at a time
6
Q

VPC - VPC Endpoints characteristics

A
  • Enables connections between a VPC and supported services without requiring an internet gateway, NAT device, VPN connection, or Direct Connect connection, so the VPC is not exposed to the public internet
  • Can attach a VPC endpoint policy to control which actions can be performed on that service through the endpoint
  • Can be redundant with an instance profile, but doesn’t override it
  • Are cheaper than public endpoints because the traffic goes through public networks. They are also more secure
  • VPC endpoints don’t have egress traffic, unlike public endpoints
7
Q

VPC - VPC Interface Endpoints

A
  • An ENI with a private IP address
  • An entry point for traffic destined to a service owned by AWS, an AWS customer, or a partner
  • Not all services can be integrated. Charged for hourly usage
8
Q

VPC - VPC Gateway Load Balancer Endpoints

A
  • An ENI with a private IP address
  • An entry point to intercept traffic and route it to a network or security service configured on a Gateway Load Balancer
  • Charged for hourly usage
9
Q

VPC - VPC Gateway Endpoints

A
  • A gateway that is set as a target in the route table for traffic destined to S3 or DynamoDB
  • There is no additional charge for using them