Security Automation

Question 1

What is DevSecOps?

Answer 1

is certainly about security, but it is just as much about the processes you use to build applications and helping to ensure security is built in to those processes by design

Question 2

Temporary Credentials

Answer 2

Trusted user can:

• Assume roles on a temporary basis
• Use temporary credentials to access your AWS resources 15 mins - 36 hours

Not always necessary

AWS security token service

Question 3

Switching roles

Answer 3

allows practice of least-privilege principle

• only permission to perform the current task
• use elevated permissions only if the task requires them
• permissions can be removed after task is completed

Question 4

How to switch roles?

Answer 4

1. create a role for cross-account access
2. Establish trust from the account that owns the role the resources to the account that contains the user
   3.

Question 5

MFA

Answer 5

Multi-factor Authentication - requires users to enter a unique authentication code when accessing AWS website or service:

Question 6

AWS IAM Policy Validator

Answer 6

Examines IAM policies for compliance with IAM policy grammar
runs automatically when policy is created or updated
checks only JSON policy syntax and grammar
if it policy validation fails, it will not allow you

Question 7

AWS Config

Answer 7

safety can be added using AWS Config rules

Question 8

AWS Secrets Manager

Question 9

AWS Secrets Manager

Question 10

AWS Systems Manager Parameter Store

Answer 10

• store parameters as plaintext or as encrypted objects
• reference parameters in scripts and commands
• reference parameters
• integrates with IAM and AWS KMS

Question 11

What are Secure String parameters?

Answer 11

Secure

Question 12

The Security Perspective of the Cloud Adoption Framework

Answer 12

Directive
Preventive
Detective
Responsive

Question 13

The Security Perspective of the Cloud Adoption Framework

Answer 13

Directive
Preventive
Detective
Responsive

Question 14

Security of the Pipeline

Answer 14

focus on

• user management
• least privilege
• detective controls
• infrastructure controls

Question 15

Threat detection tools

Answer 15

AWS Guard Duty
AWS Security Hub
Amazon Inspector

Question 16

AWS Security Hub

Answer 16

Centrally manage and aggregate security alerts and compliance status across your AWS accounts, like Amazon GuardDuty, Amazon inspector, Amazon Macie and partner solutions. has a range of tools from firewalls and compliance scanners

Question 17

Amazon Inspector

Answer 17

automated security assessment service that improves the security and compliance of applications deployed

• can automate with Amazon SNS, AWS Lambda, and AWS SSM:
  
  • agent installation
  • issue management and tracking
  • inspector runtimes
  • remediation