Cloud Foundations - D282 (Security and Compliance)

Cloud Foundations - D282 (Security and Compliance) Leave the first rating Students also studied Terms in this set (63) Western Governors UniversityD 282 Save Cloud Foundations - D282 (Cloud C...37 terms shaunacontumelio Preview AWS Cloud Practitioner Exam Quest...195 terms psighPreview AWS Certified Cloud Practitioner CL...Teacher 100 terms Tutorials_Dojo Preview

D385 S

69 terms sde Practice questions for this set Learn1 / 7Study using Learn Can you retrieve a deleted access key?What is the number of security groups per VPX or per region?500 Which AWS feature provides a constant monitoring service that assists in locating and solving malicious security breaches within your AWS infrastructure?Amazon GuardDuty What mode within IPSec has both the source and destination hosts performing cryptographic functions?Transport Mode Choose an answer 1Yes2No Don't know?

According to the AWS shared responsibility model, which entity is responsible for protecting the AWS infrastructure that runs all of the services offered in the AWS Cloud?

AWS Which service protects again SQL injection and cross-site scripting attacks?AWS Web Application Firewall (WAF) Which tool checks the compliance in IAM configurations to make sure it has a secure access to respective AWS resource, and validates ports 22, 3389, and 5500?Trusted Advisor Tool According to the AWS shared responsibility model, which entity is responsible for the patching of guest OSes and applications?the customer Which section of the IAM policy determines what assets the IAM policy will use?The Resource section What are two security options used within Amazon S3 that can be used for preventing accidental delete action?Versioning and MFA Delete Which AWS service would you use to review the full history of changes made to your application's data?Amazon Quantum Ledger Database (QLDB) Which specific security component manages several IAM users and gives you the ability to specify security permissions for a given set of users?An AWS Identify and Access Management (IAM) group Which section of an IAM policy determines the behaviors and actions of what policy will allow?The Effects section Which section of AWS Artifact provides you with compliance reporting from third-party auditors?Artifact Reports According to the AWS shared responsibility model, who is responsible for maintaining the infrastructure for virtualization?

AWS Which standard requires companies to guarantee the secure processing and handling of the storing and transmission of credit card information?Payment Card Industry Data Security Standard (PCI-DSS) According to the AWS shared responsibility model, who is responsible for managing Availability Zones, Regions, and Edge Locations?

AWS What are software packages/services offered as a single package, which automate cloud security?Orchestration Systems Which IAM policies are created and managed by AWS? Manages Policies

Which document defines the security for a company's cloud controls, policies, responsibilities, and underlying technologies?Security Policy Document Which service provides DDoS protection?AWS Shield What allows multiple organizations to be able to use the same date for identification purposes?Federations Which component is a way of defining allowed or denied permissions for a user or resource by attaching this component?AWS Identity and Access Management (IAM) policies What is the term for a zone defined by a group of ports? Hard Zoning According to the AWS shared responsibility model, who needs to perform patching of the RDS database engines?

AWS Which cloud component focuses on firewalls, intrusion detection, and encryption?Security component Which AWS resource is considered a federated tool that allows you to have your own single sign-on using identity providers such as Microsoft Active Directory Federation Services (ADFS) or Google?AWS Cognito Which type of control involves passing control from AWS specifically back to the customer?Inherited Controls According to the AWS shared responsibility model, who needs to set up security groups for EC2 instances?The customer What would you use to ensuring the integrity of digital messages as they are sent from one system to another?Digital Signatures In which two locations does Amazon recommend you store access keys for IAM users?In the AWS credentials file and in the environment variables.Which type of control under the shared responsibility model is considered a shared control between customers and AWS?Patching, configuration, and training Can you retrieve a deleted access key?No What access control method determines access rights based on the data comparing with the security properties of the system?Mandatory Access Control (MAC)

What is defined as a framework/architecture which uses different protocols to provide integrity, confidentiality, and authentication of data over a TCP/IP network?IP Security (IPSec) How many access keys can you have for an IAM user or a root user?Two What is the type of AWS IAM policy that allows you to grant or deny permissions on AWS accounts or IAM users on specific objects within the Amazon S3 environment?A bucket policy According to the AWS shared responsibility model, which entity is responsible for identity and access management?The customer Which security mechanism secures access to storage resources by using an ordered list of permit and deny statements?A Storage Access Control list (ACL) Which service increases application compliance and reduces security concerns by continually scanning AWS workloads for vulnerabilities and unintended network exposure?Amazon Inspector What reduces the need to sign onto multiple systems to gain access?Single Sign-On (SSO) Where can you locate AWS compliance reports and access agreements made with AWS?AWS Artifact Which federal program outlines and standardizes security assessments, authorization, and continuous monitoring for cloud products/services?Federal Risk and Authorization Management Program (FedRAMP) According to the AWS shared responsibility model, which entity or entities is/are responsible for configuration management?It is shared by AWS and the customer.What is the security advantage of AWS Storage Snowball?It bypasses a connection to the Internet and avoids the cost and security concerns of network data transfer.According to the AWS shared responsibility model, who is responsible for upholding compliance standards in the cloud?Both the customer and AWS Which service allows you to perform data encryption using cryptographic keys?AWS Key Management Service (KMS) As a best practice what will you use for granting temporary access to employees?AWS Identity and Access Management (IAM) role