_ is the process of verifying the identity of a user or entity through credentials like a username and password combination.
Authentication
_ determines which actions users are permitted to perform in a system or application.
Authorization
action = API call
How do you grant or deny permissions to an IAM user?
You grant or deny permissions by attaching an IAM policy to the IAM user.
Temporary (time-bound) access is provided by _.
assigning an IAM role
_ centralizes identity and access management across AWS accounts and applications.
IAM Identity Center
It can also connect to an existing identity source and provide your workforce with single sign-on access to all your connected AWS services and accounts. This is called federated identity management.
_ provides a secure way to manage, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
Secrets Manager
Which AWS service lets you quickly access node information, such as ID and operating system details, and automate registry edits, user management, and security patching?
AWS Systems Manager
A financial services company wants to give its accountants access to a particular Amazon S3 bucket.
Which of these IAM controls is used to define this access?
1. IAM User
2. IAM Group
3. IAM Role
4. IAM Policy
4.
A software development team needs to centrally manage its database credentials and API keys on AWS.
Which of these services should the team choose?
AWS Secrets Manager
AWS _ protects AWS resources from the most common, frequently occurring types of DDoS attacks and is built into AWS managed services like Elastic Load Balancing, CloudFront, and Route 53 at no extra cost.
Shield Standard
Security groups and ELB are regional services. (T/F)
T
An online boutique has recently suffered a series of targeted distributed denial of service (DDoS) attacks. The owner wants to enhance the security of the boutique’s web application using AWS infrastructure.
Which components can the boutique use to protect the web application on AWS from DDoS attacks? (Select TWO.)
1. Auto scaling groups
2. Security groups
3. Compute instances
4. Public subnets
5. Elastic Load Balancing (ELB)
2, 5
New objects that are uploaded to an S3 bucket are automatically encrypted at rest. (T/F)
T
With SSL and TLS, you use _ to verify the identity of the other party and then establish an encrypted network connection from one system to another.
certificates
In Amazon DynamoDB, server-side encryption at rest is enabled on all table data using encryption keys stored in _.
AWS Key Management Service (KMS)
KMS helps you create and manage cryptographic keys.
In KMS, is it possible to give another IAM user or role access to cryptographic keys that you created?
Yes.
You can set specific levels of access control for your keys. For example, you can specify which IAM users and roles are able to manage keys.
The _ service monitors your sensitive data at rest to make sure it is safe. It uses machine learning (ML) and automation to discover sensitive data stored in Amazon S3.
Amazon Macie
_ centralizes the management of your SSL/TLS certificates that provide data encryption in transit.
ACM
Which processes involve locking and unlocking data with a special key so only authorized users can access it?
1. Tokenization and masking
2. Encryption and decryption
3. Authentication and authorization
4. Hashing and salting
2.
A tax preparation company needs to secure sensitive customer data moving from its database to its web application on AWS.
Which of these services can help them secure the data in transit?
1. AWS KMS
2. Amazon DynamoDB
3. Amazon Macie
4. AWS Certificate Manager (ACM)
4.
_ runs automated security assessments against your infrastructure.
Amazon Inspector
It helps check for deviations from security best practices, exposure of Amazon EC2 instances, and installations of vulnerable software versions.
The _ service analyzes continuous streams of your account metadata and network activity, looking for security threats. It uses integrated threat intelligence, such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately.
Amazon GuardDuty
The _ service automatically collects log data from your AWS resources across your accounts and uses machine learning and graph analytics to build interactive visualizations of detected issues.
Amazon Detective
With the _ service, you can quickly see your AWS security and compliance state in one comprehensive view.
Security Hub