Well Architected Framework WP - Security Flashcards

1
Q

Design Principles

A

Apply security at all layers

Enable traceability

Automate responses to security events

Automate security best practices

Focus on securing your system (your responsibilities in the shared responsibility model)

2
Q

Definition, remember for exam

A

Security in the cloud consists of 4 areas

Data protection
Privilege management
Infrastructure protection
Detective controls

3
Q

Data Protection Pillar

A

Data should be classified before you architect security practices

Organize and classify data, i.e. what’s public and what’s private, user access roles, privileges, etc.

Encrypt everything at rest and in transit

4
Q

Data Protection best practices

A

AWS makes it easy to encrypt with KMS
Detailed logging is available
AWS storage systems are highly resilient
Customers have full control of their data

Versioning can protect against accidental harm

AWS never initiates moving data between regions. Customers might do it, but not AWS

5
Q

Data Protection questions for yourself

A

How are you encrypting data at rest and in transit?

6
Q

Privilege Management

A

Ensures only authorized users can access resources, and in the way intended

Includes ACLs, Roles, password policies

7
Q

Privilege Management questions for yourself

A

How are you protecting access to and use of the AWS root account?

How are you defining roles and responsibilities of users to control access to the Console and APIs?

How are you limiting automated access to AWS resources (i.e., from apps, scripts, third-party tools and services)?

How are you managing keys and credentials?

8
Q

Infrastructure Protection

A

How do you protect your data center (physical controls, which AWS provides)?

Security groups, NACLs

9
Q

Infrastructure Protection questions

A

How are you enforcing network and host protection?

How are you enforcing AWS service-level protection?

How are you protecting the integrity of the OS on instances?

10
Q

Detective Controls best practices

A

Use detective controls to identify a breach

AWS tools for this:
CloudTrail
CloudWatch
AWS Config
S3
Glacier
11
Q

Detective Control questions

A

How are you capturing and analyzing CloudWatch / AWS logs?

12
Q

Key AWS Services for security

A

Data Protection:
Encrypt data using ELB, EBS, S3, RDS

Privilege Management:
IAM, MFA

Infrastructure Protection:
VPC, Security Groups, NACLs, NAT instances

Detective Controls:
CloudTrail, AWS Config, CloudWatch
