Cloud Foundations - D282 (Security and Compliance)


63 Terms

1

What is the number of security groups per VPC or per region?

500

2

Which AWS feature provides a constant monitoring service that assists in locating and solving malicious security breaches within your AWS infrastructure?

Amazon GuardDuty

3

What mode within IPSec has both the source and destination hosts performing cryptographic functions?

Transport Mode

4

According to the AWS shared responsibility model, which entity is responsible for protecting the AWS infrastructure that runs all of the services offered in the AWS Cloud?

AWS

5

Which service protects against SQL injection and cross-site scripting attacks?

AWS Web Application Firewall (WAF)

6

Which tool checks compliance of IAM configurations to make sure they provide secure access to the respective AWS resources, and validates ports 22, 3389, and 5500?

Trusted Advisor Tool

7

According to the AWS shared responsibility model, which entity is responsible for the patching of guest OSes and applications?

the customer

8

Which section of the IAM policy determines what assets the IAM policy will use?

The Resource section

9

What are two security options used within Amazon S3 that can be used for preventing accidental delete action?

Versioning and MFA Delete

10

Which AWS service would you use to review the full history of changes made to your application's data?

Amazon Quantum Ledger Database (QLDB)

11

Which specific security component manages several IAM users and gives you the ability to specify security permissions for a given set of users?

An AWS Identity and Access Management (IAM) group

12

Which section of an IAM policy determines which behaviors and actions the policy will allow?

The Effects section

13

Which section of AWS Artifact provides you with compliance reporting from third-party auditors?

Artifact Reports

14

According to the AWS shared responsibility model, who is responsible for maintaining the infrastructure for virtualization?

AWS

15

Which standard requires companies to guarantee the secure processing and handling of the storing and transmission of credit card information?

Payment Card Industry Data Security Standard (PCI-DSS)

16

According to the AWS shared responsibility model, who is responsible for managing Availability Zones, Regions, and Edge Locations?

AWS

17

What are software packages/services offered as a single package, which automate cloud security?

Orchestration Systems

18

Which IAM policies are created and managed by AWS?

Managed Policies

19

Which document defines the security for a company's cloud controls, policies, responsibilities, and underlying technologies?

Security Policy Document

20

Which service provides DDoS protection?

AWS Shield

21

What allows multiple organizations to use the same data for identification purposes?

Federations

22

Which component is a way of defining allowed or denied permissions for a user or resource by attaching this component?

AWS Identity and Access Management (IAM) policies

23

What is the term for a zone defined by a group of ports?

Hard Zoning

24

According to the AWS shared responsibility model, who needs to perform patching of the RDS database engines?

AWS

25

Which cloud component focuses on firewalls, intrusion detection, and encryption?

Security component

26

Which AWS resource is considered a federated tool that allows you to have your own single sign-on using identity providers such as Microsoft Active Directory Federation Services (ADFS) or Google?

AWS Cognito

27

Which type of control involves passing control from AWS specifically back to the customer?

Inherited Controls

28

According to the AWS shared responsibility model, who needs to set up security groups for EC2 instances?

The customer

29

What would you use to ensure the integrity of digital messages as they are sent from one system to another?

Digital Signatures

30

In which two locations does Amazon recommend you store access keys for IAM users?

In the AWS credentials file and in the environment variables.

31

Which type of control under the shared responsibility model is considered a shared control between customers and AWS?

Patching, configuration, and training

32

Can you retrieve a deleted access key?

No

33

What access control method determines access rights by comparing the data with the security properties of the system?

Mandatory Access Control (MAC)

34

What is defined as a framework/architecture which uses different protocols to provide integrity, confidentiality, and authentication of data over a TCP/IP network?

IP Security (IPSec)

35

How many access keys can you have for an IAM user or a root user?

Two

36

What is the type of AWS IAM policy that allows you to grant or deny permissions on AWS accounts or IAM users on specific objects within the Amazon S3 environment?

A bucket policy

37

According to the AWS shared responsibility model, which entity is responsible for identity and access management?

The customer

38

Which security mechanism secures access to storage resources by using an ordered list of permit and deny statements?

A Storage Access Control list (ACL)

39

Which service increases application compliance and reduces security concerns by continually scanning AWS workloads for vulnerabilities and unintended network exposure?

Amazon Inspector

40

What reduces the need to sign onto multiple systems to gain access?

Single Sign-On (SSO)

41

Where can you locate AWS compliance reports and access agreements made with AWS?

AWS Artifact

42

Which federal program outlines and standardizes security assessments, authorization, and continuous monitoring for cloud products/services?

Federal Risk and Authorization Management Program (FedRAMP)

43

According to the AWS shared responsibility model, which entity or entities is/are responsible for configuration management?

It is shared by AWS and the customer.

44

What is the security advantage of AWS Storage Snowball?

It bypasses a connection to the Internet and avoids the cost and security concerns of network data transfer.

45

According to the AWS shared responsibility model, who is responsible for upholding compliance standards in the cloud?

Both the customer and AWS

46

Which service allows you to perform data encryption using cryptographic keys?

AWS Key Management Service (KMS)

47

As a best practice, what will you use for granting temporary access to employees?

AWS Identity and Access Management (IAM) role

48

When should you give out the IAM user root ID and password to an end user for logging into the system?

never

49

According to the AWS shared responsibility model, who is responsible for training the customer's IT employees?

The customer

50

Which SAN security process restricts storage access between initiators and targets?

Zoning

51

According to the AWS shared responsibility model, who has responsibility for the security of customer data in the cloud?

The customer

52

Which networking component mimics the job of a firewall and also controls the outbound and inbound traffic?

A security group

53

Which Amazon service can increase application compliance and reduce security concerns within an EC2 environment by automatically assessing vulnerabilities or changes to a system?

The Amazon Inspector

54

Which security best practice should you follow when setting permissions in IAM policies?

Granting Least Privilege

55

Within the Amazon shared responsibility model, who is responsible for the security of AMI configurations, policies, data stores, data at rest, data in transit, applications, and operating systems?

Customers

56

What is the term for a zone that has a worldwide name?

Soft Zoning

57

What will you use to view a list of IAM users and the status of all their credentials?

AWS Identity and Access Management (IAM) credentials report

58

Which AWS resource provides an additional layer of security when implemented on the VPC side, where it acts like a logical firewall?

AWS Network Access Control List (ACL)

59

Which security credentials do you need for making programmatic calls to AWS?

Access Keys

60

Which AWS service provides a way to manage a ledger system that provides complete immutability for multiple parties to perform transactions?

Amazon Managed Blockchain

61

Who is responsible for security within the cloud, and who is responsible for security of the cloud?

Security within = customer

Security of = AWS

62

Which AWS Trusted Advisor pillar indicates a lack of backups, like EBS volumes that do not have snapshots taken of them?

Fault Tolerance

63

What does FISMA stand for?

Federal Information Security Management Act