Data sitting on an RDS instance would be referred to as?
Data at rest
Data at rest means data stored or archived on a device.
According to the Shared Responsibility Model, who is responsible for firewall and network configuration for EC2 Instances?
The customer
The customer is responsible for firewall and network configuration. Customers are responsible for "Security IN the Cloud". This responsibility also includes server-side encryption, client-side data protection, customer data protection, etc.
Which of the following services can you use to discover and protect your sensitive data in AWS?
Macie
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS, such as personally identifiable information (PII) or intellectual property.
Which AWS service lets you quickly find the root of potential security issues to take faster actions?
Detective
Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
A company would like to protect its web applications from common web exploits that may affect availability, compromise security, or consume excessive resources. Which AWS service should they use?
Web Application Firewall (WAF)
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Where can you find on-demand access to AWS compliance documentation and AWS agreements?
Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you.
You can perform any kind of penetration testing on any AWS service without prior approval.
False
Penetration Testing is allowed without prior approval on 8 services. DDoS, port flooding and protocol flooding are examples of prohibited activities.
You want to record configurations and changes over time. Which service allows you to do this?
Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
According to the Shared Responsibility Model, who is responsible for Patch Management?
AWS and the customer
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Shared Controls also include Configuration Management, and Awareness and Training.
You want to centrally automate security checks across several AWS accounts. Which AWS service can you use?
Security Hub
AWS Security Hub provides you with a comprehensive view of your security state within AWS and your compliance with security standards and best practices.
Which of the following services is managed by AWS and is used to manage encryption keys?
KMS
AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. It is managed by AWS.
A company would like to automate security on EC2 instances to assess security and vulnerabilities in these instances. Which AWS service should it use?
Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances.
Which of the following actions does NOT require the root user?
Access the billing dashboard
This is an action that does not require the root user. By default, only the root user can access the billing dashboard, but you can attach a policy to an IAM user so that it can access the billing dashboard.
According to the Shared Responsibility Model, who is responsible for protecting hardware?
AWS
AWS is responsible for protecting hardware. AWS is responsible for "Security OF the Cloud". AWS is also responsible for the infrastructure that runs all services in the AWS Cloud, etc.
Which AWS service's ONLY role is to safeguard running applications from DDoS attacks?
Shield
Shield is only used to safeguard running applications from DDoS attacks.
Which service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?
GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
Which of the following options is NOT a situation where you should contact the AWS Abuse team?
Losing your MFA device
This is not a situation where you should contact the AWS Abuse team. The situations where you should contact the AWS Abuse team are: spam, port scanning, DoS or DDoS attacks, intrusion attempts, hosting objectionable or copyrighted content, and distributing malware.