Week 2-Security Flashcards

1
Q

What are the 4 key strategic benefits of AWS security services and solutions?

A
  1. Prevent
  2. Detect
  3. Respond
  4. Remediate
2
Q

AWS supports more ________________ and _______________ than any other offering,
including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping customers
satisfy compliance requirements for ____________________________________.

A
  1. security standards
  2. compliance certifications
  3. virtually every regulatory agency around the globe
3
Q

What are the 4 benefits of compliance on AWS?

A
  1. Third-party validation for 1000s of global requirements
  2. Inherit the latest security controls AWS uses on its own infrastructure
  3. Streamline and automate compliance
  4. Automated compliance reporting
4
Q

_______ and ____________ is a shared responsibility between AWS and the customer.

A
  1. Security
  2. Compliance

5
Q

Security and Compliance is a shared responsibility between AWS and the customer. What is AWS responsible for here vs the customer?

A

  1. AWS: AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
  2. The customer assumes responsibility for and management of the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS-provided security group firewall.

6
Q

What is the difference between security in the cloud vs security on-premises?

A

• In the cloud, you don’t have to manage physical servers or storage devices.
• Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.

7
Q

While AWS manages security of the cloud, you are responsible for security in the cloud. Explain what this means.

A

This means that you retain control of the security you choose to implement to protect your own content,
platform, applications, systems, and networks no differently than you would in an on-site data center.

8
Q

AWS security controls provide AWS customers with _____ and ______.

A

Flexibility and agility

9
Q

What are 4 benefits of AWS Security?

A
  1. Keep Your Data Safe
    – The AWS infrastructure puts strong safeguards in place to help protect your privacy.
    – All data is stored in highly secure AWS data centers.
  2. Meet Compliance Requirements
    – AWS manages dozens of compliance programs in its infrastructure.
    – This means that segments of your compliance have already been completed.
  3. Save Money
    – Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility.
  4. Scale Quickly
    – Security scales with your AWS Cloud usage.
    – No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
11
Q

What does AWS Cloud compliance enable?

A

Enables you to understand the robust controls in place at AWS to maintain security and data protection
in the cloud. As systems are built on top of AWS Cloud infrastructure, compliance responsibilities will be shared.

12
Q

List some programs with which AWS complies:

A

AWS provides customers a wide range of information on its IT control environment in whitepapers, reports, certifications, accreditations, and other third-party attestations.

13
Q

With AWS, the customer manages what things about your data? (hint: 4 things)

A
  • The privacy controls of your data
  • Control how your data is used
  • Who has access to it
  • How it is encrypted
14
Q

Describe the following:

  1. Data control
  2. Data Privacy
  3. Data sovereignty
A

Data control: AWS tools determine where your data is stored, how it is secured, and who has access to it

15
Q

How do you implement privacy protection?

A

Implement it based on your specific industry requirements, and satisfy regulators and auditors by using AWS services, tooling, and resources to control and protect your data.

16
Q

Maintaining customer trust involves AWS making ongoing commitments to its customers. These commitments include: (hint: 3)

A
  • You own and control your data on AWS
  • You control your data. You determine who can access your data.
  • Using AWS Regions, you control where your data is stored, based on your specific needs.
17
Q

What sort of privacy safeguard capabilities does AWS provide? (hint: 2)

A
  1. The option to manage your own encryption keys with AWS Key Management Service
  2. The ability to continuously monitor, log, and retain account activity with AWS Config and AWS CloudTrail.
18
Q

What is an AWS MSSP Partner?

A

• AWS MSSP Partners can provide full outsourcing or integrate and join forces with your internal security teams to help you fully operationalize your AWS security.
• This increases cloud security by allowing experts to watch it 24/7.

19
Q

For this reason, cloud security is a ______________ between the customer and AWS, where
customers are responsible for “security in the cloud” and AWS is responsible for “security of the
cloud.”

A

Shared responsibility

20
Q

What are Whitepapers, Technical Guides, and Reference Materials?

A

Technical content crafted by AWS security specialists that helps expand your knowledge of cloud security.
• These references cover the best practices for leading trends in the industry, including incident response, compliance in the cloud, and privacy considerations.

21
Q

Amazon still publishes _____ _______ to notify its customers of ________ and _______ events.

A
  1. Security bulletins
  2. Security and privacy events

22
Q

What does AWS Security Hub do? (3 things)

A
• Detect deviations from security best practices with a single click.
• Automatically aggregate security findings in a standardized data format from AWS and partner services.
• Accelerate mean time to resolution with automated response and remediation actions.
23
Q

What is Amazon GuardDuty? (specifics of how it works)

A

A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
• Cost-effective option for continuous threat detection in AWS.
• The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
• GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs.
• GuardDuty alerts are easy to aggregate across multiple platforms.
• Amazon GuardDuty threat detection identifies activity that can be associated with account compromise, instance compromise, malicious reconnaissance, and bucket compromise.
• For example, GuardDuty detects unusual API calls, suspicious outbound communications to known malicious IP addresses, or possible data theft using DNS queries as the transport mechanism.
• GuardDuty delivers more accurate findings using machine learning enriched by threat intelligence, such as lists of malicious IPs and domains.

24
Q

What are the 3 core benefits of Amazon GuardDuty?

A
  1. Comprehensive threat identification
  2. Strengthens security through automation: automated responses to threats
  3. Enterprise scale and central management: Multi-account support
25
Q

What sort of events across your AWS account does GuardDuty analyze? (4 examples)

A

AWS CloudTrail Management Events (AWS user and API activity in your accounts), AWS CloudTrail S3 Data Events (Amazon S3 activity), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns).

26
Q

How is Amazon GuardDuty priced?

A

Amazon GuardDuty is priced based on the quantity of AWS CloudTrail Events analyzed and the volume of Amazon VPC Flow Log and DNS Log data analyzed.

27
Q

What is Amazon Inspector?

A

• Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
• Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
• After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
• These findings can be reviewed directly or as part of detailed assessment reports, which are available via the Amazon Inspector console or API.
• Pricing is based on two dimensions: the number of EC2 instances included in each assessment, and the type(s) of rules package you select.
• You only pay for what you use.

28
Q

What is AWS Config?

A

• AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
• Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
• With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines.
• This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
• Charged based on the number of configuration items recorded, the number of active AWS Config rule evaluations, and the number of conformance pack evaluations in your account.

29
Q

What is AWS CloudTrail?

A

• Service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
• You can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
• Provides event history of your AWS account activity.
• Allows you to detect unusual activity.

30
Q

What is Amazon Macie?

A

• Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
• Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data.
• Macie automatically provides an inventory of Amazon S3 buckets, including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations.
• Macie’s alerts, or findings, can be searched and filtered in the AWS Management Console and sent to Amazon EventBridge, formerly called Amazon CloudWatch Events, for easy integration with existing workflow or event management systems, or to be used in combination with AWS services.