What is a DDOS attack?
Distributed denial of service
Flooding your server with requests
What is a Layer 4 DDOS attack, and what else is it known by?
- AKA “Syn Flood”.
- The attacker sends SyN packets and ignores the AYN-ACK.
- Makes the server hang
- This exhausts the supply of TCP connections.
What is a common Layer 7 attack?
Floods, GET/POST requests
What is CloudTrail for?
- Logging AWS API Calls.
- Every API call in AWS is logged.
- User Activity
What does CloudTrail Log?
- API Call metadata
- Identity of the API caller
- Time of call
- Source IP of the call
- Request
- Response
What is AWS Shield?
Free DDOS protection
Layer 3 and 4 attacks
What does AWS Shield Advanced give you? How much is it?
- Enhanced protection against more sophisticated attacks
- Real-time protection
- 24/7 access to a live DDOS response team
- Protect your bill against higher fees due to DDOS
- $3000/month
What Protects against Layer 7 attacks?
What protects against Layer 3 and 4 attacks?
- Layer 7 - AWS WAF
- Layer 3 and 4 - AWS Shield/Shield Advanced
What is AWS WAF?
- Web Application Firewall
- Protects against application layer 7 attacks
- Common attacks
- HTTP/HTTPS
- Cross-site scripting
- SQL Injection
What can you control for using WAF?
- IP addresses
- Query strings
- Country of origin
- Request headers
- Presence of SQL code (SQL injections)
- Presence of scripts (cross-site scripting)
What is Guard Duty?
- Machine learning-based threat detection
- looks for things like known malicious IPs, port scanning, etc.
How can you use AI and automation to protect your AWS account
Guard Duty -→ Lambda!
What is AWS Macie for?
Automated monitoring S3 buckets for PII
Can send alerts
What is AWS Inspector?
- Automated security assessment service
- Works with
- Network
- EC2’s
- think “vulnerability scans”
What types of assessments does AWS Inspector do?
- Network Assessments
- Host Assessments (with an installed agent)
What is KMS
Key management system
Managed service you use to generate keys.
Starts with the customer managed Key
What is Secrets Manager? How is it accessed?
- Secures, encrypts, rotates database and other credentials
- Accessed programmatically rather than being hardcoded
What happens when you enable rotation in secrets manager?
- The credential is immediately rotated. This could be a good scenario question
What is Parameter Store
- Stores secret values inside systems manager.
- Plain text or encrypted data.
- Free
What are the limits in Parameter store?
- Limited to 10,000 values
- Does not rotate the keys
- Cannot generate keys using Cloud Manager
How can you temporarily share S3 objects?
- Pre-signed URL
- Pre-signed cookie
How can you share an S3 object in a shared bucket?
Pre-signed URL
How can you grant access to multiple objects in a private bucket?
Pre-signed cookies
What can you apply policies to?
- Identities (group, user)
- Resource
-
VPC52
-
Elastic Cloud Compute (EC2)30
-
Elastic Block Storage (EBS) and Elastic File Storage (EFS)41
-
Elastic Load Balancers (ELB)14
-
S340
-
High Availability and Scaling (EC2, Databases)29
-
Route 5310
-
Databases32
-
Decoupling Workflows29
-
Security28
-
Big Data (Redshift)10
-
IAM10
-
Disaster Recovery2
-
Serverless20
-
Migration (AWS Snow)19
-
Governance9
-
Caching23
-
Automation10
-
Unix Commands and CLI1
-
Scenarios and Use-Cases2
-
CSOA-A Domain 1 - Monitoring, Logging, Remediation (20%)19
-
CSOA-A Domain 3: Deployment, Provisioning and Automation (18%)11
-
CSOA-A Domain 5 - Networking and Content Delivery (18%)0
-
CSOA-A Domain 2 - Reliability and Business Continuity (16%)0
-
CSOA-A Domain 4 - Security and Compliance (16%)0
-
CSOA-A Domain 6 - Cost and Performance Optimization (12%)8
