Week 3 - Cloud Security

Question 1

What is AWS responsible for in the Shared Responsibility Model?

Answer 1

Security OF the cloud, AWS is responsible for maintaining the security of the infrastructure, including hardware, software, networking, and facilities that run AWS services.

Question 2

What is the customer responsible for in the Shared Responsibility Model?

Answer 2

Security IN the cloud, Customers are responsible for securing their applications, data, access controls, and configurations within the AWS environment.

Question 3

Who is responsible in the shared responsibility model in the following situations? AWS or the customer?

1. Upgrades and patches to the operating system on the EC2 instace
2. Physical Security of the data centre?
3. Virtualization infrastructure?
4. EC2 security group settings?

Answer 3

1. The customer
2. AWS
3. AWS
4. The customer

Question 4

What is AWS Identity and Access Management (IAM), and what does it allow you to do?

Answer 4

AWS Identity and Access Management (IAM) is a feature of an AWS account that allows you to manage access to AWS resources at no additional charge. It enables you to specify:

• Which users can access which services (e.g., AWS EC2).
• The method of access (e.g., AWS Management Console).
• The level of actions allowed (e.g., full access or read-only).

Question 5

What are the four essential components of AWS Identity and Access Management (IAM)?

Answer 5

The four essential components of AWS Identity and Access Management (IAM) are:

1. AWS Users: Individual accounts representing people or applications.
2. AWS Groups: Collections of users sharing permissions.
3. AWS Roles: Assigned permissions for temporary access to AWS resources.
4. AWS Policies: Documents defining permissions and access levels.

Question 6

What is the AWS account root user, and what is its significance?

Answer 6

The AWS account root user is created when an AWS account is first set up. It has unrestricted access to all AWS resources and services in the account. Because of its high-level permissions, AWS recommends using the root user only for tasks that require it and securing it with multi-factor authentication (MFA).

Question 7

What are the recommended steps to secure a new AWS account?

Answer 7

1. Stop using the account root user as soon as possible and create IAM users and groups with specified access permissions.
2. Enable multi-factor authentication (MFA) for all users.
3. Use AWS CloudTrail to track and log user activity on your account.
4. Enable a billing report, such as the AWS Cost and Usage Report.

Question 8

What tools are available for securing an AWS account, and what are their purposes?

Answer 8

1. AWS Organizations: Assigns Service Control Policies (similar to IAM policies) to a group of AWS accounts, helping manage permissions across multiple accounts.
2. AWS Key Management Service (AWS KMS): Manages encryption keys to secure data.
3. Amazon Cognito: Adds sign-up, sign-in, and access control to web or mobile applications.
4. AWS Shield: Protects AWS services against Distributed Denial of Service (DDoS) attacks.

Question 9

How can data be secured on AWS, and what technologies are used for encryption?

Answer 9

1. Encryption of data at rest: Data stored in AWS can be encrypted using AWS Key Management Service (KMS) to manage encryption keys.
2. Encryption of data in transit: Data transmitted over networks can be secured using Transport Layer Security (TLS) to ensure data privacy and integrity during transfer.

Question 10

What AWS tools help ensure compliance, and what are their functions?

Answer 10

1. AWS Config: A service that allows you to assess, audit, and evaluate the configurations of your AWS resources to ensure compliance with internal policies and regulations.
2. AWS Artifact: Provides on-demand access to security and compliance documents from AWS, helping you manage your compliance requirements.