Module 4 - Security

1. Core Knowledge

  1. AWS Shared Responsibility Model

  2. AWS Identity & Access Management (IAM)

  3. Amazon Inspector

  4. Protect your infrastructure from DDoS attacks

  5. AWS Shield

2. Quiz

Q1 - How would an AWS customer easily apply common access controls to a large set of users?

A. Apply an IAM policy to an IAM group.

B. Apply an IAM policy to an IAM role.

C. Apply the same IAM policy to all IAM users with access to the same workload.

D. Apply an IAM policy to an Amazon Cognito user pool.

Q2 - Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.)

A. Ensuring that application data is encrypted at rest

B. Ensuring that AWS NTP servers are set to the correct time

C. Ensuring that users have received security training in the use of AWS services

D. Ensuring that access to data centers is restricted

E. Ensuring that hardware is disposed of properly

Q3 - Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking?

A. Amazon RDS

B. Amazon EC2

C. Amazon ElastiCache

D. AWS Fargate

Q4 - Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management?

A. AWS manages the data stored in Amazon RDS tables.

B. AWS manages the maintenance of the operating system.

C. AWS automatically scales up instance types on demand.

D. AWS manages the database type.

Q5 - Which of the following is a component of the shared responsibility model managed entirely by AWS?

A. Patching operating system software

B. Encrypting data

C. Enforcing multi-factor authentication

D. Auditing physical data center assets

Q6 - Which of the following tasks is the responsibility of AWS?

A. Encrypting client-side data

B. Configuring AWS Identity and Access Management (IAM) roles

C. Securing the Amazon EC2 hypervisor

D. Setting user password policies

Q7 - According to the AWS shared responsibility model, what is the sole responsibility of AWS?

A. Application security

B. Edge location management

C. Patch management

D. Client-side data

Q8 - Which AWS IAM feature is used to associate a set of permissions with multiple users?

A. Multi-factor authentication

B. Groups

C. Password policies

D. Access keys

Q9 - Which of the following services provides on-demand access to AWS compliance reports?

A. AWS IAM

B. AWS Artifact

C. Amazon GuardDuty

D. AWS KMS

Q10 - As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS?

A. Security management of data center

B. Patch management

C. Configuration management

D. User and access management

3. Read More

  1. AWS Shared Responsibility Model* https://aws.amazon.com/compliance/shared-responsibility-model/

  2. AWS IAM* https://aws.amazon.com/iam/

  3. Amazon Inspector https://aws.amazon.com/inspector/

  4. AWS Shield https://aws.amazon.com/shield/

  5. AWS Compliance Center https://atlas.aws/

  6. AWS Artifact https://aws.amazon.com/artifact/

  7. AWS DDoS Best practice https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf

  8. Amazon GuardDuty https://aws.amazon.com/guardduty/

  9. AWS Config https://aws.amazon.com/config/

  10. AWS Trusted Advisor Best Practice https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/

  11. AWS Shield Standard vs Advanced https://console.aws.amazon.com/wafv2/shield?#/ddp/onboard/info

  12. How AWS Shield works https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html