AWS Security and Identity Management Flashcards
AWS Certified Solutions Architect Associate SAA-C03 Flashcards
| Front | Back |
| --- | --- |
| Describe the principle of least privilege in AWS IAM | Grant only the permissions required to perform a task |
| Explain the difference between an IAM role and an IAM user | An IAM user has credentials for long-term access; an IAM role provides temporary credentials assumed by services or users |
| How can you enforce MFA for IAM users | Create an IAM policy with a condition that requires MFA authentication |
| How do NACLs differ from security groups | NACLs operate at the subnet level and are stateless; security groups are stateful at the instance level |
| How do you implement resource based policies | Attach policies directly to AWS resources like S3 buckets or SNS topics to control access |
| How do you secure data in transit in AWS | Use TLS for all communications; enable VPC endpoints for secure AWS service traffic |
| How does AWS CloudHSM differ from AWS KMS | CloudHSM provides dedicated hardware key storage; KMS is a managed key service that uses HSMs behind the scenes |
| How does AWS Shield protect resources | Provides DDoS protection at network and application layers with automated detection and mitigation |
| How does IAM policy evaluation logic work | It checks for an explicit deny, then an explicit allow, and otherwise defaults to deny |
| What are AWS Security Hub best practices | Enable continuous compliance checks, consolidate findings and automate remediations |
| What is a VPC security group | A virtual firewall that controls inbound and outbound traffic at the instance level |
| What is Amazon Cognito | A user identity management service for web, mobile and IoT apps; supports authentication, authorization and user pools |
| What is an AWS Organizations service control policy | It defines permission guardrails for AWS accounts within an organization |
| What is an IAM managed policy | A standalone policy created and administered by AWS or your account that can be attached to multiple identities |
| What is AWS KMS | AWS Key Management Service, used to create, manage and control encryption keys |
| What is AWS Single Sign On | A cloud service to manage SSO access to multiple AWS accounts and business applications |
| What is AWS WAF | A web application firewall that protects applications from common web exploits |
| What is envelope encryption | Use a data key to encrypt data then encrypt the data key with a master key |
| What is the purpose of AWS IAM Access Analyzer | It analyzes resource policies to identify public or cross-account access risks |
| What is the purpose of IAM policies | They define permissions that allow or deny actions on AWS resources |
Focuses on AWS security services and best practices, including IAM roles and policies, VPC security, encryption, compliance, and identity management strategies for securing AWS environments.