Security

Question 1

Which service provide single sign-on access for its employees on AWS Using its existing identity source

Answer 1

AWS IAM identify center (centralizes iam accross AWS account and application)

Question 2

What is used to encrypt data in transit

Answer 2

SSL/TLS certificates

Question 3

Which provide centralized way to create and manage encryption keys that protect its data on AWS

Answer 3

AWS KMS

Question 4

Which is used to verify identity of user through credentials and which is used to grant users certain access rights and permissions they can perform in application

Answer 4

Authentication
Authorization

Question 5

Is cloud security shared responsibility between customer n aws

Answer 5

Teue5

Question 6

Who manage security of data,systems n application and controlling who has access to envt n resources and what data to store or run workload on AWS,which aws service to use

Answer 6

Custoenrs

Question 7

Who operates ,managed and controls the components at all layers of information

Answer 7

AWS (SECURITY OF CLOUD:- like virtualization layer, hardware n global infrastructure which support data centre and support protection of AWS region,AZ AND EDGE LOCATION)

Question 8

How to prevent SECURITY incidents or security managing identities and access to AWS services and resources

Answer 8

AWS identity and access management ( when u grant permission u should provide access only on need-tohave- basis which is called Principle of least privilege )

Question 9

Who is the account owner and having permission to do anything inside AWS account

Answer 9

Root user( for protection use strong pwd n ena kr MFA)

Question 10

Difference between iam role and group and policy

Answer 10

IAM role: is identity u can assume to gain temporary access to permissions
IAM gp: collection of iam users
IAm policy: json doc that allows or denies permissions to access AWS services n resources.e.g. U can allow access to all employees to access all Amazon S3 bucket or specific bucket

Question 11

Which is used to allow users to access multiple applications,services or domain using single set of credentials

Answer 11

Federated identify management

Question 12

Which provide secure way to manage ,rotate and retrieve db credentials,API keys and other secrets throughout their lifecycle

Answer 12

AWS secrets manager

Question 13

_ used to provide centralized view of nodes across ur organization’s account and region and multi cloud n hybrid envt.

Answer 13

AWS system manager

Question 14

Components of providing secure environment on AWS i.e. AWS security control

Answer 14

1..prevent unauthorised access
2.prevent network and application
3. Protecting data
4.detecting and responding to security incident
5. Additional security resources

Question 15

Ways to protect AWS through Infrastructure

Answer 15

1.Security groups: operate at network level
2.Elastic load balancing (ELB): run at region level
3. AWS region: massively expensive

Question 16

How to do AWS protection using services

Answer 16

1. AWS Shield:used to protect frequently occuring types of DDoS attack at no cost

2 .AWS Shield advanced: paid service that provide detailed attack diagnostics and ability to detect and mitigate sophisticated DDoS attack,
It also integrated with other services like Amazon cloudfront,route 53,ELB

3. AWS WAF:protect ur network and application from blocked ip address defined by a web ACL

Question 17

How to protect data

Answer 17

Encryption and it’s 2 form:
Encryption at rest: data idle and not moving
Encryption at transit: data moving between location

Question 18

Name 3 different method of AWS built in data protection

Answer 18

1. Amazon S3: all S3 buckets have encryption configured n all uploaded object are encrypted at rest
2. Amazon EBS: ebs volume (root and data volume) and snapshot can encrypted at rest
3. Amazon Dynamodb: server side encryption at rest is enabled on all Dynamodb table data using encryption keys stored in AWS KMS

Question 19

Which service used to monitor ur sensitive data at rest to make sure it’s safe, assess security posture HELPFUL for meeting compliance requirements,use ML

Answer 19

Amazon Macie

Question 20

_ centralizes management of ur ssl/TLS certificates that provide data encryption in transit and use to protect various AWS services and ur connect3d onpremises resources

Answer 20

AWS certificate manager(ACM)

Question 21

Which is used to improve security and compliance of application by running automated security assessments for Amazon EC2 instances, containers and lambda functions

Answer 21

Amazon Inspector (also check application for security vulnerabilities and deviation from security best practices)

Question 22

Which provide intelligent threat detection across ur infrastructure and resources and identity threat by continuously monitoring streams of ur account metadata and network activity in ur envt.

Answer 22

Amazon GuardDuty

Question 23

_ is used to identify root cause when threat is detected using interactive virtualization contained in unified AWS management console view

Answer 23

Amqzon detective

Question 25

- is used to bring multiple security services into single place and format

Answer 25

AWS Security Hub(automatically aggregate security findings from AWS and partner service and organize them into actionable meaningful grouping called insights and can accelerate time to resolution(TTR) with automated remediation

Question 26

Additional security resources

Answer 26

Security, identity and compliance service: refer to security, identity and compliance on AWS To find answer to question, troubleshooting issues : knowledge center To search through documentation by product category: AWS security documentation For expert insights ,best practices and update on security features : AWS Security Blog