36 Cards in this Set
What is the AWS shared responsibility model? |
|
|
What is an ISMS, and what is its significance? |
Information Security Management System: the set of policies, processes and controls an organisation uses to manage its information security. Under the shared responsibility model its scope is split: AWS owns the part that covers the underlying cloud, and you own the part that covers what you deploy in it |
|
Which 3 parts are WE broadly responsible for keeping secure across the AWS set of technology? |
|
|
Which types of services can have security applied? |
|
|
In the example of EC2, what would AWS be responsible for keeping secure? |
|
|
In the example of EC2, what 7 things would we be responsible for securing, or using to secure? |
|
|
What is IAM? |
The service to manage users/groups, credentials and permission policies |
|
What are access keys used for? |
Programmatic interaction with the API (via SDK or CLI) |
|
What are infrastructure services defined as? Which level of technology must we keep secure? |
|
|
What are container services defined as? Which level of technology must we keep secure? |
|
|
What are abstracted services? |
|
|
EC2 instances allow access via SSH when you create one from an AMI - how is this different from access keys? |
The SSH key pair gives access to the operating system of the EC2 instance; access keys give access to the AWS API. They are separate credentials and protect different things |
|
What security options do I have when using infrastructure services to secure user data? |
|
|
What security options do I have when using infrastructure services to control access to a given set of resources? |
|
|
With container services, AWS takes responsibility for the infrastructure AND the O/S. What must you set up? |
|
|
When it comes to abstracted services, there is very little left for us to configure. What options are we left with to secure these kinds of resources? |
|
|
What is the Trusted Advisor tool? |
A tool that checks your account's configuration against AWS best practice and reports findings in several categories: security, cost optimisation, performance, fault tolerance and service limits. Security findings include things like security groups open to the whole internet or MFA not enabled on the root account |
|
What would the AWS account be defined as? |
The account that represents a relationship between you and AWS - where the billing gets done. |
|
What are IAM users and their relationship to the AWS account? There are 2 parts to the answer. |
|
|
What is the best practice for creating users? |
One IAM user per individual, i.e. no two people sharing an AWS identity. |
|
What is the best practice for the permissions of a user? |
|
|
What is a policy? |
A JSON document that maps a set of permissions (allowed or denied actions) to a set of resources (e.g. an EC2 instance, an S3 bucket), optionally under conditions. It is attached either to an identity (user, group, role) or directly to a resource |
|
How do IAM roles with temporary credentials work? |
|
|
How would an IAM role with temporary credentials allow an EC2 instance to read from an S3 bucket? |
|
|
How do IAM roles work to allow cross-account access? |
You create a role in your AWS account with two policies: a trust policy that names the other AWS account as the principal allowed to assume the role, and a permissions policy that grants access to a subset of your resources. The other account calls STS AssumeRole and receives temporary credentials for your resources |
|
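The two documents behind a cross-account role, as an added example (not part of the flashcard set): a trust policy that names the other account and requires an ExternalId, a permissions policy scoped to one prefix of one bucket, and a small least-privilege check that flags wildcard actions or resources. The account IDs, bucket name and prefix are made up.

```python
"""Cross-account access via an IAM role: trust policy + permissions policy.

Added example, not part of the flashcard set. Account IDs, bucket name and
ExternalId below are made up for illustration.
"""
import json

TRUSTING_ACCOUNT = "111111111111"   # our account, owns the bucket (made up)
TRUSTED_ACCOUNT = "222222222222"    # the account allowed to assume the role (made up)
BUCKET = "example-shared-reports"   # hypothetical bucket name


def trust_policy(trusted_account: str, external_id: str) -> dict:
    """Who may assume the role: only principals in the trusted account, and only
    if they present the agreed ExternalId (guards against a third party being
    tricked into assuming the role on someone else's behalf)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permissions_policy(bucket: str, prefix: str) -> dict:
    """What the role may do once assumed: list and read one prefix of one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}/*"]}},
            },
            {
                "Effect": "Allow",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*",
            },
        ],
    }


def overly_broad_statements(policy: dict) -> list:
    """Return the Allow statements that use a wildcard action ('*' or 'svc:*')
    or a bare '*' resource. A least-privilege review should come back empty."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            findings.append(stmt)
    return findings


if __name__ == "__main__":
    trust = trust_policy(TRUSTED_ACCOUNT, "agreed-secret-id")
    perms = permissions_policy(BUCKET, "reports/2024")
    print(json.dumps(trust, indent=2))
    print(json.dumps(perms, indent=2))
    print("overly broad statements:", overly_broad_statements(perms))
```

Once the role exists in account 111111111111, a caller in account 222222222222 runs `aws sts assume-role --role-arn <role ARN> --role-session-name <name> --external-id agreed-secret-id` and uses the returned temporary credentials; nothing long-lived is exchanged between the accounts.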
How do IAM roles work with federated access? |
|
|
What kind of policies are there to authorise access to a resource? |
|
|
Which 5 strategies are there for protecting data at rest and what are their use cases? |
|
|
Which strategies are there for protecting data in transit and what is their use case? |
|
|
What is VPC used for? |
You can build private clouds within the AWS public cloud |
|
If I want to ensure my VPC isn't reachable from the internet, how can I achieve this? |
Use private subnets: subnets whose route table has no route to an Internet Gateway, with no public or Elastic IPs assigned to the instances. Note that all VPC subnets use private address space (e.g. 10. or 172.16. ranges as per RFC 1918), so the address range alone does not make a subnet unreachable; the routing does |
|
If I want to allow internet connections to say EC2 instances, but not to the DB server behind it, how can I achieve this? |
Put the EC2 instances in a public subnet (route to an Internet Gateway, public or Elastic IP) and the DB server in a private subnet of the same VPC (no Internet Gateway route, no public IP). Then restrict the DB's security group so it only accepts the database port from the EC2 instances' security group |
|
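The public/private subnet distinction from the two cards above, as an added example (not from the flashcard set): a check that works out which instances are actually reachable from the internet. The data is constructed to mirror the shape of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-instances` output, with made-up IDs and addresses; the functions and their names are this example's own.

```python
"""Which instances are reachable from the internet?

Added example, not part of the flashcard set. Every ID and address below is
made up; the dict shapes mirror the AWS CLI describe-* output.

Every VPC subnet already uses private (RFC 1918-style) addressing, so the
address range tells you nothing. Three things together make an instance
reachable: its subnet's route table has a route to an internet gateway, the
instance has a public (or Elastic) IP, and a security group rule admits
traffic from the internet.
"""

ROUTE_TABLES = [
    {   # public subnet: default route points at the internet gateway
        "RouteTableId": "rtb-0aaa",
        "Associations": [{"SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"},
        ],
    },
    {   # private subnet: outbound only, through a NAT gateway
        "RouteTableId": "rtb-0ccc",
        "Associations": [{"SubnetId": "subnet-db"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ddd"},
        ],
    },
]

SECURITY_GROUPS = {
    # web tier: HTTPS from anywhere
    "sg-web": [{"FromPort": 443, "ToPort": 443,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
    # database tier: PostgreSQL only from members of the web security group
    "sg-db": [{"FromPort": 5432, "ToPort": 5432,
               "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
}

INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-web",
     "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-db", "SubnetId": "subnet-db",        # no PublicIpAddress key
     "SecurityGroups": [{"GroupId": "sg-db"}]},
]


def subnet_is_public(subnet_id, route_tables=ROUTE_TABLES):
    """True if the subnet's route table sends any traffic to an internet gateway.
    Simplification: a subnet with no explicit association falls back to the VPC
    main route table, which is not modelled here."""
    for table in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in table["Associations"]):
            return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])
    return False


def sg_open_to_internet(group_ids, groups=SECURITY_GROUPS):
    """True if any inbound rule on any of the groups admits 0.0.0.0/0 or ::/0."""
    for gid in group_ids:
        for rule in groups.get(gid, []):
            cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
            if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
                return True
    return False


def internet_exposed(instance):
    """All three conditions must hold for the instance to accept internet traffic."""
    return (subnet_is_public(instance["SubnetId"])
            and bool(instance.get("PublicIpAddress"))
            and sg_open_to_internet([g["GroupId"] for g in instance["SecurityGroups"]]))


def exposed_instance_ids(instances=INSTANCES):
    """Instance IDs that satisfy all three exposure conditions."""
    return [i["InstanceId"] for i in instances if internet_exposed(i)]


if __name__ == "__main__":
    print("internet-exposed:", exposed_instance_ids())   # only the web instance
```

The DB instance fails on all three counts: its subnet routes outbound through a NAT gateway rather than an internet gateway, it has no public IP, and its security group only admits the web security group. Taking away any one of the three on the web instance would also remove it from the list.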
What is the concept of a security zone vs a traditional network segment? |
|
|
What 6 methods are there to control access to network segments? |
|
|
What are network ACLs and how do they work? |
An additional layer of security at the subnet level of a VPC, alongside security groups on the instances. A network ACL is a numbered list of allow/deny rules for inbound and outbound traffic, evaluated in ascending rule-number order with the first match winning and an implicit final deny. Unlike security groups they are stateless, so return traffic needs its own rule. You edit the rule list to tighten or relax access |
|
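The rule evaluation described on the card above, as an added example (not from the flashcard set): a small evaluator that applies rules in rule-number order with an implicit final deny, used to show why a stateless network ACL that only allows port 443 in both directions breaks HTTPS until an outbound ephemeral-port rule is added. The rule sets and addresses are constructed (documentation ranges); the `Rule` type and function names are this example's own.

```python
"""Network ACL evaluation: ascending rule number, first match wins, implicit deny.

Added example, not part of the flashcard set. Rule sets and addresses below
are constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are
documentation ranges). The port range of a rule is the destination port.
"""
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Rule(NamedTuple):
    number: int
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int     # destination port range (ignored when protocol == "all")
    port_to: int
    cidr: str          # remote address range the rule applies to
    action: str        # "allow" or "deny"


def evaluate(rules, protocol, dst_port, remote_ip):
    """Decide one packet: the lowest-numbered matching rule wins; if nothing
    matches, the implicit '*' rule denies."""
    addr = ip_address(remote_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("all", protocol):
            continue
        if r.protocol != "all" and not (r.port_from <= dst_port <= r.port_to):
            continue
        if addr not in ip_network(r.cidr):
            continue
        return r.action
    return "deny"


def https_session_allowed(inbound, outbound, client_ip, client_port):
    """A TCP session needs both halves to pass: the request arriving on 443
    (inbound, destination port 443) and the reply leaving for the client's
    ephemeral port (outbound, destination port = client_port). The NACL keeps
    no connection state, so the reply is judged on its own."""
    return (evaluate(inbound, "tcp", 443, client_ip) == "allow"
            and evaluate(outbound, "tcp", client_port, client_ip) == "allow")


BLOCKED = "198.51.100.0/24"   # constructed blocklist range

# Naive: "we only serve HTTPS, so allow 443 in and 443 out". Replies never
# have destination port 443, so they hit the implicit deny.
NAIVE_INBOUND = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
NAIVE_OUTBOUND = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]

# Fixed: deny the blocklist first (lower number wins), allow 443 in, and allow
# outbound to the ephemeral port range so replies can leave.
FIXED_INBOUND = [
    Rule(50, "tcp", 0, 65535, BLOCKED, "deny"),
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]
FIXED_OUTBOUND = [Rule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


if __name__ == "__main__":
    client, eph = "203.0.113.5", 51234
    print("naive:", https_session_allowed(NAIVE_INBOUND, NAIVE_OUTBOUND, client, eph))
    print("fixed:", https_session_allowed(FIXED_INBOUND, FIXED_OUTBOUND, client, eph))
    print("blocked client:", https_session_allowed(FIXED_INBOUND, FIXED_OUTBOUND, "198.51.100.7", eph))
```

Two things to check when editing a network ACL follow from this: a deny must carry a lower number than any allow it is meant to override, and every allowed inbound service needs a matching outbound rule for the ephemeral port range (and vice versa for connections the instances initiate), because nothing tracks the connection for you.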
What is a threat protection layer? |
An extra tier of inspection hosts (e.g. IDS/IPS or web application firewall instances) placed between the ELB and your application servers, so that traffic is inspected and filtered before it reaches the apps |