AWS Certified Cloud Practitioner Module 6 - Security
Which tasks can you complete in AWS Artifact? (Select TWO.)
-Review, accept, and manage agreements with AWS. -Access AWS compliance reports on-demand.
Which task can AWS Key Management Service (AWS KMS) perform?
Create cryptographic keys.
Which statement best describes the principle of least privilege?
Granting only the permissions that are needed to perform specific tasks
IAM groups
collection of IAM users that assigns an IAM policy to a group with the same granted permissions
AWS Organizations
consolidates and manages multiple AWS accounts within a central location
Customer Compliance Center
contains resources to help you learn more about AWS compliance
IAM roles
identity you can assume to gain temporary access to permissions
MFA
multi-factor authentication -adding an extra layer of security to signing in
Distributed denial-of-service (DDoS)
multiple sources are used to start an attack that aims to make a website or application unavailable
OUs
organizational units -grouping of accounts to make managing accounts with similar business or security requirements easier
root
parent container for all the accounts in your organization
Amazon Inspector
performs automated security assessments -checks for security vulnerabilities and deviations from security best practices -provides a list of security findings and list is organized by priority security level
cryptographic key
random string of digits used for locking (encrypting) and unlocking (decrypting) data
shared responsibility model for customers
responsible for the security of everything that they create and put in the AWS Cloud including content, who has access to the content, and how access rights are managed, granted, and revoked
shared responsibility model for AWS
security of the cloud and global infrastructure that runs on all of the services offered in the AWS cloud including AWS Regions, Availability Zones, and edge locations -physical security of data centers, hardware and software infrastructure, network infrastructure, and virtualization of infrastructure
least privilege
security principle that prevents users or roles from having more permissions than needed to perform their tasks
SCPs
service control policies -enable you to place restrictions on the AWS services, accounts, and individual API actions that users and roles in each account access
AWS Shield
service that protects applications against DDoS attacks
AWS WAF
web application firewall that lets you monitor network requests that come into your web applications
AWS Shield Standard
automatically protects all AWS customers at no cost from DDoS attacks
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)
-An individual member account -An organizational unit (OU)
Which tasks are the responsibilities of customers? (Select TWO.)
-Setting permissions for Amazon S3 objects -Patching software on Amazon EC2 instances
root user
-accessed by signing in with the email address and password that you used to create your AWS account -has complete access to all the AWS services and resources in the account
AWS Shield Advanced
-paid service that provides detailed diagnostics and the ability to detect and mitigate sophisticated DDoS attacks -integrates with Amazon CloudFront, Amazon Route 53, Elastic Load Balancing
AWS Artifact Reports
-provide compliance reports from third-party auditors -global, regional, and industry-specific security standards and regulations
IAM users
-represents the person or application that interacts with AWS services and resources consisting of a name and credentials -root user must give IAM users permissions
AWS Artifact
-service that provides on-demand access to AWS security and compliance reports and select online agreements
Which statement best describes an IAM policy?
A document that grants or denies permissions to AWS services and resources
AWS IAM
AWS Identity and Access Management -enables you to manage access to AWS services and resources securely
AWS KMS
AWS Key Management Service -enables you to perform encryption operations through the use of cryptographic keys -create, manage, and use cryptographic keys
Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?
AWS Shield
An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?
IAM role
Best practice for IAM roles
IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term
Denial-of-service attack (DoS)
deliberate attempt to make a website or application unavailable to users
IAM policies
document that allows or denies permissions to use AWS services and resources
Amazon GuardDuty
service that provides intelligent threat detection for your AWS infrastructure and resources -continuously analyzes data from multiple AWS resources reviewable in AWS Management Console
AWS Artifact Agreements
used to review, accept, and manage agreements for an individual account and for all of your accounts in AWS Organizations -ex, HIPAA