Q: What is an Organizational Unit (OU)?
A: A logical grouping of AWS accounts used to apply governance and policies.
Q: What do Service Control Policies (SCPs) do?
A: They set the maximum permissions an AWS account can have in an organisation.
Q: Do SCPs grant permissions directly?
A: No, they only limit permissions.
Q: What is the relationship between IAM policies and SCPs?
A: Effective permissions are limited by both, so access must be allowed by IAM and not blocked by the SCP.
Q: Why are SCPs useful in AWS Organizations?
A: They centrally restrict what accounts in the organisation are allowed to do.
Q: What is AWS KMS used for?
A: Creating and managing encryption keys.
Q: What is the main security purpose of AWS KMS?
A: To control encryption across AWS services and applications.
Q: Why does AWS KMS integrate with CloudTrail?
A: To log and audit key usage.
Q: What protects keys inside AWS KMS?
A: Hardware Security Modules (HSMs).
Q: What standard are AWS KMS HSMs validated against?
A: FIPS 140-2.
Q: What is Amazon Cognito mainly used for?
A: Managing user sign-up, sign-in, and access control for apps.
Q: Why is Amazon Cognito suitable for large applications?
A: It scales to millions of users.
Q: What kind of providers can Amazon Cognito connect to?
A: Social and enterprise identity providers.
Q: What does AWS Shield Standard provide?
A: Automatic basic DDoS protection.
Q: What is AWS Shield designed to protect against?
A: DDoS attacks.
Q: What does AWS Shield Advanced add?
A: Enhanced detection and mitigation features.
Q: Why is AWS Shield important for availability?
A: It helps reduce downtime and latency during attacks.
Q: If IAM allows an action but an SCP blocks it, what is the result?
A: The action is denied.
Q: Why might a company organise accounts into different OUs?
A: To apply different controls to different groups of accounts.
Q: What is the key difference between IAM policy and SCP?
A: IAM grants permissions, while SCP limits the maximum permissions.
Q: Why is key management important in cloud security?
A: Because data security depends on protecting encryption keys.
Q: Why might Cognito and IAM be used together?
A: To give authenticated app users secure access to AWS resources.
Q: What is the main governance benefit of AWS Organizations?
A: Consistent control across multiple AWS accounts.
Q: What is the main security benefit of using KMS instead of unmanaged keys?
A: Centralised and auditable key control.