AWS Certified Cloud Practitioner Module 6 - Security

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which tasks can you complete in AWS Artifact? (Select TWO.)

-Review, accept, and manage agreements with AWS. -Access AWS compliance reports on-demand.

Which task can AWS Key Management Service (AWS KMS) perform?

Create cryptographic keys.

Which statement best describes the principle of least privilege?

Granting only the permissions that are needed to perform specific tasks

IAM groups

collection of IAM users that assigns an IAM policy to a group with the same granted permissions

AWS Organizations

consolidates and manages multiple AWS accounts within a central location

Customer Compliance Center

contains resources to help you learn more about AWS compliance

IAM roles

identity you can assume to gain temporary access to permissions

MFA

multi-factor authentication -adding an extra layer of security to signing in

Distributed denial of Service (DDos)

multiple sources are used to start an attack that aims to make a website or application unavailable

OUs

organizational units -grouping of accounts to make managing accounts with similar business or security requirements easier

root

parent container for all the accounts in your organization

Amazon Inspector

performs automated security assessments -checks for security vulnerabilities and deviations from security best practices -provides a list of security findings and list is organized by priority security level

cryptographic key

random string of digits used for locking(encrypting) and unlocking(decrypting) data

shared responsibility model for customers

responsible for the security of everything that they create and put in the AWS Cloud including content, who has access to the content, and how access rights are managed, granted, and revoked

shared responsibility model for AWS

security of the cloud and global infrastructure that runs on all of the services offered in the AWS cloud including AWS Regions, Availability Zones, and edge locations -physical security of data centers, hardware and software infrastructure, network infrastructure, and virtualization of infrastructure

least privilege

security principles that prevents users or roles from having more permissions than needed to perform their tasks

SCPs

service control policies -enable you to place restrictions in the AWS services, accounts, and individual API actions that users and roles in each account access

AWS Shield

service that protects applications against DDoS attacks

AWS WAF

web application firewall that lets you monitor network requests that come into your web applications

AWS Shield Standard

automatically protects all AWS customers at no cost from DDoS attacks

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

-An individual member account -An organizational unit (OU)

Which tasks are the responsibilities of customers? (Select TWO.)

-Setting permissions for Amazon S3 objects -Patching software on Amazon EC2 instances

root user

-accessed by signing in with the email address and password that you used to create your AWS account -has complete access to all the AWS services and resources in the account

AWS Shield Advanced

-paid service that provides detailed diagnostics and the ability to detect and mitigate sophisticated DDoS attacks -integrates Amazon CloudFront, Amazon Route 53, Elastic Load-Balancing

AWS Artifact Reports

-provide compliance reports from third-party auditors -global, regional, and industry-specific security standards and regulations

IAM users

-represents the person or application that interacts with AWS services and resources consisting of a name and credentials -root user must give IAM users permissions

AWS Artifact

-service that provides on-demand access to AWS security and compliance reports and select online agreements

Which statement best describes an IAM policy?

A document that grants or denies permissions to AWS services and resources

AWS IAM

AWS Identity and Access Management -enables you to manage access to AWS services and resources securely

AWS KMS

AWS Key Management Service -enables you to perform encryption operations through the use of cryptographic keys -create, manage, and use cryptographic keys

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

AWS Shield

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?

IAM role

Best practice for IAM roles

IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term

Denial-of service attack (DoS)

deliberate attempt to make a website or application unavailable to users

IAM policies

document that allows or denies permissions to use AWS services and resources

Amazon GuardDuty

service that provides intelligent threat detection for your AWS infrastructure and resources -continuously analyzes data from multiple AWS resources reviewable inAWS Management Console

AWS Artifact Agreemnts

used to review, accept, and manage agreements for an individual account for all of your accounts in AWS Organizations -ex, HIPAA


Set pelajaran terkait

BS 161 Homework #16 and #17-- Cell Signaling

View Set

Unit Circle Cos, Sin, Tan, Radians and Degrees

View Set

HRM Chapter 14—Risk Management and Worker Protection

View Set

Esame di stato medicina II sessione 2017

View Set

immune system function and organs

View Set

Chapter 17, 18, 20, 21, 22, 23 (NOT 19)

View Set

Ig Chapter 13 Study Guide (after the fact)

View Set

Llengua - Tema 13 - 5è - Temps verbals. Segona conjugació- Els dos punts

View Set

Romeo and Juliet Background Info and Literary Terms

View Set