26 Cards in this set

  • Front
  • Back
AWS Shield protects against attacks at Layer ____ and Layer ____
3 and 4
If you need protection against DDoS attacks at Layer 3 and Layer 4, think of ...?
AWS Shield
CloudTrail is like a ________ for your AWS account
CCTV
What kind of logs does CloudTrail store?
A log of every API call made to your AWS account (who made the call, from which IP, when, and against which resource).
Where are CloudTrail logs stored?
In an S3 bucket (they can additionally be delivered to CloudWatch Logs).
An app runs on EC2 instances behind an ELB.
It has the following requirements:
a) Send a notification when read requests exceed 1000 requests per minute.
b) Send a notification when latency exceeds 10 seconds.
c) Monitor all AWS API request activity.
a) and b) are possible with CloudWatch metrics plus CloudWatch alarms that notify through SNS.
c) is possible with CloudTrail.
Monitor API activity in all regions, including regions added in the future. How can this requirement be fulfilled?
Create one CloudTrail trail and enable it for all regions. Once enabled, it automatically applies to future regions as well.
If you need protection against DDoS attacks at Layer 7, think of ...?

If you need protection against SQL injection and cross-site scripting, think of ...?
WAF
GuardDuty monitors
GuardDuty is an intelligent threat detection and continuous monitoring service. It analyzes:
CloudTrail logs,
VPC Flow Logs,
DNS logs
Macie
Macie uses machine learning to discover and classify sensitive data (such as PII) stored in S3.
Useful for HIPAA and GDPR compliance.
Inspector is useful for
Performing automated vulnerability assessments: host assessments on EC2 instances and network reachability assessments for the VPC.
How often can you run host assessments and network assessments with Inspector?
You can schedule them to run weekly, or run them once on demand.
What is KMS?
It is a managed service that makes it easy to create and control the encryption keys used to encrypt your data.
3 ways to control permissions on a CMK
Use the key policy alone. The full scope of access to the CMK is defined in a single document.

Use IAM policies in combination with the key policy. The key policy must delegate to IAM (an Allow for the account root principal) before any IAM policy can grant access to the key.

Use grants in combination with the key policy. Grants give temporary, scoped-down permissions, typically to AWS services acting on your behalf.
KMS vs CloudHSM
KMS
Shared tenancy of the underlying hardware
Automatic key rotation
Automatic key generation

CloudHSM (Hardware Security Module)
Dedicated HSM for you
Full control of the underlying hardware
Full control of users, groups, and keys
No automatic key rotation
How do you encrypt data in a Redshift database?
Use the AWS KMS default master key (or a customer managed key), or
use a hardware security module (HSM) to manage the top-level encryption keys.
An app uses the Amazon Kinesis Producer Library (KPL) to put records into an encrypted Kinesis data stream. When the application runs, it gets an unauthorized KMS master key permission error. How would you resolve the problem?
In the KMS key policy, grant the application's IAM principal permission to use the key (a producer needs kms:GenerateDataKey on the stream's key; a consumer needs kms:Decrypt).
You use S3 buckets to store sensitive information.
All data at rest in the bucket must be encrypted.
All keys must be managed by the in-house security team.
What is the best practice for encrypting all the data?
Generate a data key using a customer managed key (CMK).
Encrypt the data with the plaintext data key, then delete the plaintext data key.
Store the encrypted data key together with the encrypted data in the S3 bucket.
For decryption, use the CMK to decrypt the encrypted data key back into the plaintext data key, then decrypt the data with the plaintext data key.
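The four steps on the card, carried through in code. This is an added example, not AWS SDK code: FakeCMK is a hypothetical stand-in for the KMS GenerateDataKey and Decrypt operations, and the AEAD is an HMAC-SHA256 counter-mode construction used as a standard-library stand-in for AES-GCM, so the whole thing runs offline (use AES-GCM or the AWS Encryption SDK for real data). The sample plaintext and key alias are constructed.

```python
"""Envelope encryption: a fresh data key per object, wrapped by a CMK, with only
the wrapped key stored beside the ciphertext. Added illustration, not AWS code."""
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    """PRF counter mode: block i = HMAC-SHA256(key, nonce || i). Stand-in for AES-CTR."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def aead_encrypt(key, plaintext):
    """Encrypt-then-MAC with separately derived keys; returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(12)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def aead_decrypt(key, blob):
    """Verify the tag before touching the ciphertext; raise on wrong key or tampering."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class FakeCMK:
    """Hypothetical stand-in for a KMS customer managed key. The key material never
    leaves this object; callers only get the two operations envelope encryption needs."""

    def __init__(self, key_id):
        self.key_id = key_id
        self._material = secrets.token_bytes(32)

    def generate_data_key(self):
        """Like kms:GenerateDataKey: a fresh 256-bit key, returned in plaintext and wrapped."""
        plaintext_key = secrets.token_bytes(32)
        return plaintext_key, aead_encrypt(self._material, plaintext_key)

    def decrypt(self, encrypted_key):
        """Like kms:Decrypt: unwrap a data key that was wrapped by this CMK."""
        return aead_decrypt(self._material, encrypted_key)


def encrypt_object(cmk, data):
    """Card steps 1-3: get a data key, encrypt with the plaintext key, discard it,
    and keep only the CMK-wrapped copy next to the ciphertext."""
    plaintext_key, encrypted_key = cmk.generate_data_key()
    body = aead_encrypt(plaintext_key, data)
    del plaintext_key  # the plaintext key is never persisted with the object
    return {"key_id": cmk.key_id, "encrypted_data_key": encrypted_key, "ciphertext": body}


def decrypt_object(cmk, stored):
    """Card step 4: unwrap the data key with the CMK, then decrypt the body with it."""
    plaintext_key = cmk.decrypt(stored["encrypted_data_key"])
    return aead_decrypt(plaintext_key, stored["ciphertext"])


if __name__ == "__main__":
    cmk = FakeCMK("alias/s3-sensitive-data")  # hypothetical alias
    obj = encrypt_object(cmk, b"customer record (constructed sample)")
    print(decrypt_object(cmk, obj))
```

The point the card makes is visible in what gets stored: the object carries a ciphertext and a wrapped key, and nothing in it is usable without a Decrypt call against the CMK, which is where the key policy (and therefore the in-house security team) controls access. Because each object gets its own data key, revoking or rotating the CMK does not require re-encrypting the data itself, only re-wrapping the data keys.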
Secrets Manager can be used to securely store your application's secrets, such as:
Database credentials, API keys, SSH keys, passwords, etc.
Applications use the ______________ to store or retrieve secrets
Secrets Manager API
Secrets Manager can be used to securely store your application's secrets, such as:
Database credentials
API keys
SSH keys
Passwords
If you need to share private files from an S3 bucket
Presigned URLs are the answer
Not explicitly allowed
= implicitly denied
Explicit deny
> everything else (an explicit deny overrides any allow)
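What a presigned URL actually is, as an added example not taken from the card or from AWS code: the SigV4 query-string signature S3 checks on a GET, built with the standard library rather than boto3's generate_presigned_url, plus the verification step the service performs (signature first, then expiry). The bucket and key are constructed and the credentials are the example values AWS uses in its documentation, so the URL signs correctly but will not work against a real bucket.

```python
"""S3 presigned GET URL (SigV4 query-string signing) and its verification.
Added example with the standard library only; not boto3 code."""
import calendar
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, urlsplit

ALGORITHM = "AWS4-HMAC-SHA256"


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret_key, date, region):
    """SigV4 key derivation: HMAC chain over date, region, service, terminator."""
    k = _hmac(("AWS4" + secret_key).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _canonical_query(params):
    """Sorted by name; every name and value URI-encoded, so '/' in the credential becomes %2F."""
    return "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items()))


def _signature(host, path, params, secret_key, region):
    """Signature over the canonical request; only the Host header is signed for presigned URLs."""
    amz_date = params["X-Amz-Date"]
    date = amz_date[:8]
    canonical_request = "\n".join(["GET", path, _canonical_query(params),
                                   f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join([ALGORITHM, amz_date, f"{date}/{region}/s3/aws4_request",
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    return hmac.new(_signing_key(secret_key, date, region), string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign_get(bucket, key, region, access_key, secret_key, expires, now_ts):
    """Return a URL granting GET on one private object until now_ts + expires seconds."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/~")  # encode each segment, keep the '/' separators
    amz_date = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now_ts))
    params = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(host, path, params, secret_key, region)
    return f"https://{host}{path}?{_canonical_query(params)}&X-Amz-Signature={sig}"


def verify_presigned(url, secret_key, region, now_ts):
    """The service-side check: recompute the signature over the exact host, path and
    parameters received, then enforce the expiry. Returns 'ok', 'bad signature' or 'expired'."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    provided = params.pop("X-Amz-Signature", "")
    expected = _signature(parts.hostname, parts.path, params, secret_key, region)
    if not hmac.compare_digest(provided, expected):
        return "bad signature"  # any change to bucket, key, date or expiry lands here
    issued_ts = calendar.timegm(time.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ"))
    if now_ts > issued_ts + int(params["X-Amz-Expires"]):
        return "expired"
    return "ok"


if __name__ == "__main__":
    # AWS documentation example credentials; bucket and key are constructed.
    print(presign_get("example-private-bucket", "reports/q1 2024.csv", "us-east-1",
                      "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                      600, int(time.time())))
```

Two practitioner caveats follow from the code: the URL is only as good as the credential that signed it (if the signing identity loses s3:GetObject, or its temporary credentials expire, the URL stops working regardless of X-Amz-Expires), and S3 caps X-Amz-Expires at seven days. In boto3 the same URL comes from `s3.generate_presigned_url("get_object", Params={"Bucket": ..., "Key": ...}, ExpiresIn=600)`.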
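The evaluation rule on this card and the three permission models on the earlier "3 ways to control permissions on a CMK" card, as one added example in working code. It is an illustration and not the AWS policy evaluator: it models a key policy, an IAM identity policy and how KMS combines the two for a same-account caller (an explicit Deny in either wins, then a direct Allow in the key policy, then IAM only if the key policy delegates to the account root); grants are not modelled, and Condition elements are ignored. The account id, key ARN, role ARNs and both policies are constructed.

```python
"""Key policy / IAM policy evaluation for a KMS key. Added illustration, not AWS code."""
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed
ROOT = f"arn:aws:iam::{ACCOUNT}:root"
APP_ROLE = f"arn:aws:iam::{ACCOUNT}:role/app-role"
ADMIN_ROLE = f"arn:aws:iam::{ACCOUNT}:role/kms-admin"
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT}:key/1234abcd-12ab-34cd-56ef-1234567890ab"

# Constructed key policy: way 1 (a direct Allow for app-role), the root statement
# that makes way 2 (IAM policies) possible at all, and an explicit Deny that beats both.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DelegateToIAM", "Effect": "Allow", "Principal": {"AWS": ROOT},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "AppUsesKey", "Effect": "Allow", "Principal": {"AWS": APP_ROLE},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"], "Resource": "*"},
    {"Sid": "NobodyDeletes", "Effect": "Deny", "Principal": "*",
     "Action": "kms:ScheduleKeyDeletion", "Resource": "*"},
]}

# Constructed IAM identity policy attached to kms-admin (identity policies carry no Principal).
ADMIN_IAM_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kms:*", "Resource": KEY_ARN},
]}
NO_IAM_POLICY = {"Version": "2012-10-17", "Statement": []}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(stmt, principal_arn):
    if "Principal" not in stmt:  # identity policy: applies to whoever carries it
        return True
    principal = stmt["Principal"]
    if principal == "*":
        return True
    return principal_arn in _as_list(principal.get("AWS", []))


def _action_matches(stmt, action):
    return any(fnmatchcase(action, pattern) for pattern in _as_list(stmt["Action"]))


def _resource_matches(stmt, resource_arn):
    return any(fnmatchcase(resource_arn, pattern) for pattern in _as_list(stmt["Resource"]))


def evaluate(policy, principal_arn, action, resource_arn=KEY_ARN):
    """Decision for one policy: 'Deny' (explicit), 'Allow', or 'ImplicitDeny' when
    nothing matches. An explicit Deny wins over any number of matching Allows."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not (_principal_matches(stmt, principal_arn)
                and _action_matches(stmt, action)
                and _resource_matches(stmt, resource_arn)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def evaluate_kms(key_policy, iam_policy, principal_arn, action):
    """Key policy and the caller's IAM policy together, for a same-account caller."""
    by_key = evaluate(key_policy, principal_arn, action)
    by_iam = evaluate(iam_policy, principal_arn, action)
    if "Deny" in (by_key, by_iam):
        return "Deny"
    if by_key == "Allow":
        return "Allow"
    # IAM can only grant access if the key policy lets the account root in.
    if by_iam == "Allow" and evaluate(key_policy, ROOT, action) == "Allow":
        return "Allow"
    return "ImplicitDeny"


if __name__ == "__main__":
    print(evaluate_kms(KEY_POLICY, ADMIN_IAM_POLICY, ADMIN_ROLE, "kms:ScheduleKeyDeletion"))
```

The last branch of evaluate_kms is the one that locks people out in practice: a key policy written without the account-root statement makes every IAM policy irrelevant for that key, however broad it is.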
AWS Certificate Manager
Service to provision, manage, and deploy SSL/TLS certificates for use with AWS services.

Automatically renews SSL/TLS certificates and rotates the old certificates out for the new ones.
What does CloudTrail enable?
After-the-fact incident investigation
Near real-time intrusion detection
Industry and regulatory compliance
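The "near real-time intrusion detection" use from the card, as an added example of detection logic run over CloudTrail records. This is not AWS code: SAMPLE_LOG is a constructed, abbreviated CloudTrail delivery file (real records carry more fields, but the ones used here, userIdentity.type, eventSource, eventName, sourceIPAddress, responseElements.ConsoleLogin and requestParameters.policyArn, are the real field names), with a made-up account id and IP addresses from documentation ranges. The rule set and threshold are the author's choices for illustration.

```python
"""Four detections over CloudTrail records: trail tampering, root usage,
repeated console login failures, and AdministratorAccess being attached.
Added illustration, not AWS code; the log file is constructed."""
import json
from collections import Counter

SAMPLE_LOG = json.dumps({"Records": [
    {"eventID": "evt-1", "eventTime": "2024-01-15T12:00:01Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"}},
    {"eventID": "evt-2", "eventTime": "2024-01-15T12:00:05Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "evt-3", "eventTime": "2024-01-15T12:01:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"name": "org-trail"}},
    *[{"eventID": f"evt-{n}", "eventTime": f"2024-01-15T12:02:0{n}Z",
       "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
       "sourceIPAddress": "192.0.2.44", "userIdentity": {"type": "IAMUser", "userName": "alice"},
       "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"}
      for n in (4, 5, 6)],
    {"eventID": "evt-7", "eventTime": "2024-01-15T12:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "requestParameters": {"userName": "dev",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]})

# API calls that blind the CCTV: an attacker's first move is often to stop the trail.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
ATTACH_POLICY_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
FAILED_LOGIN_THRESHOLD = 3  # author's choice for the example


def load_records(text):
    """A CloudTrail delivery file is a JSON object with a single 'Records' array."""
    return json.loads(text)["Records"]


def detect(records):
    """Return (rule, subject) findings. Single-event rules fire per record; the
    failed-login rule aggregates per source IP over the whole batch."""
    findings = []
    failed_logins = Counter()
    for r in records:
        identity = r.get("userIdentity") or {}
        params = r.get("requestParameters") or {}  # null in real records for some calls
        response = r.get("responseElements") or {}
        if r["eventSource"] == "cloudtrail.amazonaws.com" and r["eventName"] in TRAIL_TAMPERING:
            findings.append(("cloudtrail_tampering", r["eventID"]))
        if identity.get("type") == "Root":
            findings.append(("root_account_used", r["eventID"]))
        if r["eventName"] == "ConsoleLogin" and response.get("ConsoleLogin") == "Failure":
            failed_logins[r["sourceIPAddress"]] += 1
        if r["eventName"] in ATTACH_POLICY_EVENTS and params.get("policyArn", "").endswith("/AdministratorAccess"):
            findings.append(("admin_policy_attached", r["eventID"]))
    for ip, count in failed_logins.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            findings.append(("console_login_failures", ip))
    return findings


if __name__ == "__main__":
    for rule, subject in detect(load_records(SAMPLE_LOG)):
        print(rule, subject)
```

In production the same logic runs on events as they arrive (CloudTrail to CloudWatch Logs with metric filters, or an EventBridge rule), and the trail-tampering rule is the one to alert on first, since everything else depends on the trail still logging. The "after-the-fact investigation" use on the card is the same data walked backwards: start from the finding's eventID and pull every record for that userIdentity and sourceIPAddress.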