AWS Security and Identity Management Flashcards
| Front | Back |
| --- | --- |
| Describe the principle of least privilege in AWS IAM | Grant only the permissions required to perform a task. |
| Explain the difference between an IAM role and an IAM user | An IAM user has long-term credentials; an IAM role provides temporary credentials that are assumed by services or users. |
| How can you enforce MFA for IAM users? | Create an IAM policy with a condition that requires MFA authentication. |
| How do NACLs differ from security groups? | NACLs operate at the subnet level and are stateless; security groups are stateful and operate at the instance level. |
| How do you implement resource-based policies? | Attach policies directly to AWS resources, such as S3 buckets or SNS topics, to control access. |
| How do you secure data in transit in AWS? | Use TLS for all communications; enable VPC endpoints for secure AWS service traffic. |
| How does AWS CloudHSM differ from AWS KMS? | CloudHSM provides dedicated hardware key storage; KMS is a managed key service that uses HSMs behind the scenes. |
| How does AWS Shield protect resources? | It provides DDoS protection at the network and application layers, with automated detection and mitigation. |
| How does IAM policy evaluation logic work? | It checks for an explicit deny, then an explicit allow, and defaults to deny. |
| What are AWS Security Hub best practices? | Enable continuous compliance checks, consolidate findings, and automate remediations. |
| What is a VPC security group? | A virtual firewall that controls inbound and outbound traffic at the instance level. |
| What is Amazon Cognito? | A user identity management service for web, mobile, and IoT apps; it supports authentication, authorization, and user pools. |
| What is an AWS Organizations service control policy? | It defines permission guardrails for AWS accounts within an organization. |
| What is an IAM managed policy? | A standalone policy, created and administered by AWS or by your account, that can be attached to multiple identities. |
| What is AWS KMS? | AWS Key Management Service, used to create, manage, and control encryption keys. |
| What is AWS Single Sign-On? | A cloud service to manage SSO access to multiple AWS accounts and business applications. |
| What is AWS WAF? | A web application firewall that protects applications from common web exploits. |
| What is envelope encryption? | Use a data key to encrypt the data, then encrypt the data key with a master key. |
| What is the purpose of AWS IAM Access Analyzer? | It analyzes resource policies to identify public or cross-account access risks. |
| What is the purpose of IAM policies? | They define permissions that allow or deny actions on AWS resources. |
Focuses on AWS security services and best practices, including IAM roles and policies, VPC security, encryption, compliance, and identity management strategies for securing AWS environments.