AWS Security and Compliance for DevOps Flashcards
AWS DevOps Engineer Professional DOP-C02 Flashcards

| Front | Back |
| --- | --- |
| How can Amazon Macie contribute to security compliance | By discovering, classifying, and protecting sensitive data such as Personally Identifiable Information (PII) |
| How can AWS Inspector assist with application security | By automatically assessing vulnerabilities and compliance in applications running on AWS resources |
| How can AWS Key Management Service (KMS) enhance data security | By managing encryption keys used to secure data within your AWS environment |
| How can encryption protect data at rest in AWS | By encoding data so unauthorized users cannot access it without the encryption key |
| How can resource policies enhance security in AWS | By defining conditions under which a resource can be accessed |
| How can security groups improve instance-level security | By allowing you to define inbound and outbound traffic rules for EC2 instances |
| How can Systems Manager Parameter Store improve secrets management | By securely storing configuration data and sensitive information |
| How can tags be utilized for compliance in AWS resources | By labeling resources for easier auditing and management |
| How does AWS Shield protect against DDoS attacks | By providing managed protection against volumetric and application-layer attacks |
| How does AWS Trusted Advisor help improve security in your AWS account | By providing security recommendations on best practices and identifying potential vulnerabilities |
| How does AWS WAF increase application security | By letting you create rules to block or allow unexpected traffic patterns |
| How does Multi-Factor Authentication (MFA) add security to AWS accounts | By requiring a password and a secondary form of verification to access accounts |
| What AWS feature allows restricting access to resources based on the originating IP address | Network Access Control Lists (NACLs) |
| What AWS service helps developers find application code vulnerabilities | Amazon CodeGuru |
| What AWS service provides centralized secrets management for applications | AWS Secrets Manager |
| What AWS tool helps enforce compliance through automated security checks | AWS Security Hub |
| What is AWS Organizations' role in managing compliance | Centralizing governance and management across multiple AWS accounts |
| What is the benefit of automating security in DevOps workflows | Security measures are applied consistently across development, testing, and deployment stages |
| What is the benefit of enabling AWS GuardDuty | To detect and protect against unauthorized and malicious activity such as account compromise |
| What is the importance of logging in AWS security workflows | To provide visibility into events and activities for analysis and troubleshooting |
| What is the principle of least privilege in IAM | Granting users and services only the permissions they need to perform their tasks |
| What is the purpose of IAM roles in AWS workflows | To grant permissions to trusted entities like services or applications for secure resource access |
| What is the purpose of using VPC endpoints in AWS security | To securely connect to AWS services without exposing traffic to the internet |
| What is the role of AWS Config in maintaining compliance | To track resource configurations and evaluate them against compliance rules |
| What is the Shared Responsibility Model in AWS | A framework dividing security responsibilities between AWS and the customer |
| What is the significance of using S3 Bucket Policies | To customize access permissions for data stored in specific S3 buckets |
| Which AWS service allows secure storage and retrieval of encryption keys in FIPS 140-2 validated hardware | AWS CloudHSM |
| Which AWS service enables you to monitor API calls and account activity for security auditing purposes | AWS CloudTrail |
| Why is it essential to perform routine audits of IAM policies and roles | To identify overly permissive permissions and improve security posture |
| Why is rotating IAM access keys an essential security practice | To reduce the risk of unauthorized access in case keys become compromised |

About the Flashcards
Flashcards for the AWS DevOps Engineer Professional exam give you a concise way to review the core security and governance skills tested on AWS. Each card drills you on Identity and Access Management roles, encryption options, secrets storage, and the shared responsibility model so you can quickly recall how permissions, keys, and data protections work in the cloud.
The deck also reinforces monitoring, logging and threat-detection services such as CloudTrail, GuardDuty, Inspector, and Security Hub, plus network safeguards like security groups, NACLs, WAF, and Shield. Compliance tools (Config, Organizations, tags, and policy automation) round out coverage, ensuring you understand how to audit resources and apply least-privilege principles in DevOps pipelines.
Topics covered in this flashcard deck:
- IAM and least privilege
- Encryption & key management
- Monitoring and logging
- Threat detection services
- Network & application firewalls
- Compliance automation