Service Definitions 3

Question 1

• Stateless, subnet rules for inbound and outbound
• Firewall which controls traffic from and to subnet
• Can have ALLOW and Deny rules
• Attached at subnet level

Answer 1

NACL (Network ACL)

Question 2

• Stateful, operate at the EC2 instance level or ENI
• Firewall that controls traffic to and from an ENI/EC2
  instance
• Can have ONLY allow rules
• Rules include IP addys and other __________

Answer 2

Security Groups (SGs)

Question 3

Connect two VPC with non overlapping IP ranges, nontransitive

Answer 3

VPC Peering

Question 4

• Provide private access to AWS Services within VPC
• Endpoints allow you to connect to AWS services using a
  Private network instead of public network
• Give enhanced security and lower latency

Answer 4

VPC Endpoints

Question 5

Connect thousands of VPC and on-premises networks together

Answer 5

Transit Gateway

Question 6

VPN over public internet between on-premises Datacenter and AWS.

• On prem use Customer Gateway (CGW)
• AWS use Virtual Private Gateway (VPW)

Answer 6

Site to Site VPN

Question 7

protects against DDOS attack for your website and applications,
for all customers at no additional costs

Answer 7

AWS Shield and shield Advanced for 24/7 premium protection

Question 8

Filter specific requests based on rules

• Layer 7 Http level
• Deploy on Application Load Balancer, API Gateway, Cloudfront

Answer 8

AWS Web Application Firewall (WAF)

Question 9

• Anytime you hear “encryption” for an AWS service, it’s most likely _____
• AWS manages the encryption keys for us

Answer 9

AWS KMS (Key Mgmt Service)

Question 10

• Let you easily provision, manage, deploy SSL/TLS Certificates

Answer 10

AWS Certificate Manager (ACM)

Question 11

• Intelligent Threat (ML) discovery to protect AWS Account

- find in VPC, DNS, CloudTrail logs

Answer 11

Amazon GuardDuty

Question 12

• analyzes, investigates and quickly identifies THE ROOT CAUSE OF SECURITY ISSUES (using ML and graphs)

Answer 12

Amazon Detective

Question 13

• Find objects, people, text, scenes, in images or videos using ML
• Facial analysis/searching

Answer 13

Amazon Rekognition

Question 14

• Central security tool to manage security across several AWS accounts and automate security checks

Answer 14

AWS Security Hub

Question 15

• auditing and recording compliance of your AWS resources

- Track record configurations and compliance changes over time

Answer 15

AWS Config

Question 16

• Convert speech to text, speech recognition

- subtitles

Answer 16

Amazon Transcribe

Question 17

• Turn text to speech

Answer 17

Amazon Polly

Question 18

• Natural and accurate language translation

Answer 18

AWS Translate

Question 19

_________: same tech as Alexa, conversational Bots, chatbots

________: virtual/cloud contact center, receive calls and create contact flows

Answer 19

Amazon Lex & Connect

Question 20

• Natural Language Processing – NLP

- ML to gain insights and relationships in text

Answer 20

Amazon Comprehend

Question 21

• Fully managed service for developers/ data scientists, build ML models

Answer 21

Sagemaker

Question 22

• fully managed service, use ML to deliver accurate forecasts

Answer 22

Amazon Forecast

Question 23

• fully managed document search service, using ML

- Extract info from document, search engine

Answer 23

Amazon Kendra

Question 24

• ML service, to build apps with real time personalized recommendations
• same tech used by Amazon.com

Answer 24

Amazon Personalize

Question 25

• Global Service
• Manage multiple AWS accounts in one place
• Consolidated billing across accounts
• Restrict account privileges using service control policies (SCP)

Answer 25

AWS Organizations

Question 26

• Whitelist/blacklist IAM actions
• Applied at OU or Account level
• SCP applied to all users and roles of account, including root
• SCP must have explicit Allow

Answer 26

Service Control Policies (SCP)

Question 27

• easy way setup and govern a secure and compliant multi-account AWS environment
• Runs on top of AWS Organizations
  AWS Compute Optimizer:
• reduce costs and improve performance
• uses ML to see resource configurations and utilization CloudWatch metrics

Answer 27

AWS Control Tower

Question 28

Analyze your AWS accounts and provide recommendations for 5 categories:

• cost optimization
• performance
• security
• fault tolerance
• service limits

Answer 28

AWS Trusted Advisor