Shared Responsibility | Identity and Access Management (IAM) | Organizations | Compliance | Potpourri |
---|---|---|---|---|
e.g. Physical location
What is something AWS is responsible for securing? (many answers possible)
|
False
True or false: IAM groups can be nested inside of each other.
|
True
True or false: Organizations can be nested inside of each other.
|
AWS Config
What is the name of the service that keeps a history of your configurations, then monitors and flags same?
|
AWS Key Management Services (KMS)
This AWS service manages security keys for many other services.
|
e.g. application security
What is something the customer is responsible for securing? (many answers possible)
|
No
A user is granted access to an S3 bucket by a policy but has an explicit "deny" rule for that bucket in their account policy. Do they get access?
|
Organizational Unit
What does OU stand for in the context of Organizations?
|
AWS Artifact
What is the name of the AWS service that provides on demand compliance/security documents?
|
AWS Shield
This security service primarily safeguards against DDoS (Distributed Denial of Service) attacks.
|
The Customer
Who is responsible for security "inside" of the cloud?
|
The Principle of Least Privilege
By default, new IAM user accounts have no access to anything. This is an example of what?
|
The "master" account.
What is the name of the account that manages other accounts and is usually related to the root account?
|
HIPAA
Name the particular privacy-related Act of Congress that Jorge gave us in the video.
|
Multi-Factor Authentication
What does MFA stand for in the AWS security context?
|
AWS
A team of commandos has broken into the physical data center and run off with a hard drive that contains your data. According to Shared Responsibility, who is responsible (AWS or the customer)?
|
AWS Role
I want to give Joe temporary access to the database server just for tonight so he can do upkeep. Is this better done through a new user account, a role, or a group?
|
It sets the maximum access for whomever the policy is attached to. It does not grant access or deny access.
What type of permissions does a Service Control Policy (SCP) set?
|
AWS GovCloud
What is the name of the Region used by the US government to meet agency requirements for regulatory compliance?
|
AWS Certificate Manager
What is the name of the service that manages TLS and SSL certificates?
|
Customer
A black hat hacker has accessed your secure data. According to Shared Responsibility, who is responsible (AWS or the customer)?
|
Organizations manages AWS accounts, IAM manages IAM/customer-created accounts
What is the key difference between IAM and Organizations?
|
An HTTPS query program.
OK, this is *really* obscure: In Module 2, it was explained that you could access AWS via AWS Management Console, AWS CLI, AWS SDKs, or what method?
|
alignments/frameworks (basically software reasons to need compliance)
The three broad categories of types of compliance issues are: Certifications/attestations, laws/regulations/privacy, or what?
|
Access Control Lists (ACLs)
Jorge briefly mentioned an older security approach that you can technically use with AWS but it is not encouraged.
|