AWS Module 6 Security

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

DDoS (Distributed Denial of Service)

Attack comes from multiple services to make website or application inaccessible.

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task? A.) AWS account root user B.) IAM group C.) IAM role D.) Service control policy (SCP)

C

AWS Identity and Access Management (IAM)

Enables you to access to AWS service and resources securely.

AWS Artifact

On-demand secure and compliance reports and selects online agreements.

Service Control Policies (SCPs)

Organization policy you can use to manage permissions in your organization, and set limits on admins or delegate IAM users.

Multi-factor authentication

Password and second form of authentication.

AWS Shield Standard

Protects from common and frequent DDoS attacks at no cost.

AWS Shield Advanced

Provides detailed diagnostics and ability to detect and mitigate sophisticated DDoS at a price.

Customer Compliance Center

Resources that assist in learning about AWS compliance.

AWS WAF

Web app firewall that lets you monitor network requests that come into your web.

AWS Key Management Service (KMS)

create and manage keys and control the use of encryption across a wide range of AWS services.

AWS Shield

Service that protects against DDoS

Which tasks can you complete in AWS Artifact? (Select TWO.) A.) Access AWS compliance reports on-demand. B.) Consolidate and manage multiple AWS accounts within a central location. C.) Create users to enable people and applications to interact with AWS services and resources. D.) Set permissions for accounts by configuring service control policies (SCPs). E.) Review, accept, and manage agreements with AWS.

A and E

IAM policy

A document that allows or denies permissions to AWS services and resources.

AWS Organizations

Allows you to centrally manage and govern your environment.

Amazon Inspector

Automated security assessment.

Shared responsibility model

Aws is responsible for AWS and I am responsible for the services I use.

Which statement best describes an IAM policy? A.) An authentication process that provides an extra layer of protection for your AWS account B.) A document that grants or denies permissions to AWS services and resources C.) An identity that you can assume to gain temporary access to permissions D.) The identity that is established when you first create an AWS account

B

Which tasks are the responsibilities of customers? (Select TWO.) A.) Maintaining network infrastructure B.) Patching software on Amazon EC2 instances C.) Implementing physical security controls at data centers D.) Setting permissions for Amazon S3 objects E.) Maintaining servers that run Amazon EC2 instances

B and D

Which statement best describes the principle of least privilege? A.) Adding an IAM user into at least one IAM group. B.) Checking a packet's permissions against an access control list. C.) Granting only the permissions that are needed to perform specific tasks. D.) Performing a denial of service attack that originates from at least one device.

C

Which task can AWS Key Management Service (AWS KMS) perform? A.) Configure multi-factor authentication (MFA). B.) Update the AWS account root user password. C.) Create cryptographic keys. D.) Assign permissions to users and groups.

C

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.) A.) IAM users B.) IAM groups C.) An individual member account D.) IAM roles E.) An organizational unit (OU)

C and E

IAM Groups

Collection of IAM users.

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks? A.) Amazon GuardDuty B.) Amazon Inspector C.) AWS Artifact D.) AWS Shield

D

IAM Roles

ID you can assume to gain temporary access to permissions.

IAM User

Identity created in AWS which represents a person or application that interacts with AWS or resources.

Root user

Identity you begin with when creating first AWS account.

AWS Artifact Reports

Info for complying with certain regulatory standards.

Amazon GuardDuty

Intelligent threat detection for your AWS infrastructure and resources.

DoS denial-of-service

Shut down website or application to make it inaccessible to users.

AWS Agreements

Sign agreement in AWS for certain types of info.


Kaugnay na mga set ng pag-aaral

Module 5 - FP513 | Alternative Investments & Derivatives

View Set

ITD 256 Final Exam Review (Questions from Quiz 2)

View Set

Life in the UK, 3rd edition (2013)

View Set

13. Hemoglobin and Oxygen Transport

View Set

The Later Judean/Perean Ministry and Passion Week

View Set

OB chapter 3-individual differences and emotions

View Set

MKT 320 CHAPTER 6, mkt 320 chapter 7, MKT 320 CH 8, marketing chapter 12, marketing chapter 13, marketing chapter 16 and 17yyy

View Set