A Managing AWS Identity and Access Management IAM B Securing edge locations C


A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards
Question 3
Which of the following security requirements are managed by AWS customers? Select 2 answers from the options given below.
A. Password Policies
B. User permissions
C. Physical security
D. Disk disposal
E. Hardware patching
Question 4
How can the AWS Management Console be secured against unauthorized access?
A. Apply Multi-Factor Authentication (MFA)
B. Set up a secondary password
C. Request root access privileges
D. Disable AWS console access
Question 5
When granting permissions to users via the AWS Identity and Access Management tool, which of the following principles should be applied?
A. Principle of least privilege
B. Principle of greatest privilege
C. Principle of most privilege
D. Principle of lower privilege
Security Services Summary
1 Layered Security Approach
2 Identity and Access Management: IAM Users, Groups, Roles
3 Best Practices: Roles, Root Account
3 AWS Directory Services
4 Key Management Services
5 AWS Shield
AWS Management Services
Compute: Amazon EC2, Amazon ECS, AWS Lambda, Auto Scaling
Databases: Amazon RDS, Amazon DynamoDB, Amazon Aurora, Amazon ElastiCache
Security: IAM, AWS KMS, AWS Shield, AWS WAF
Networking: Elastic Load Balancing*, Amazon VPC*, Amazon Route 53, VPN connection, Application Load Balancer, AWS Direct Connect
Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon EFS, AWS Storage Gateway
Management: Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail, AWS Config, Amazon EC2 Systems Manager
AWS CloudWatch
  • Monitoring service for AWS cloud resources and applications
  • Collect and track metrics, monitor log files, and set alarms
  • Gain visibility into resource utilization, application performance, and operational health
  • Set alarms to send notifications or take other automated actions
  • Supports custom dashboards
  • Use cases: Cost management; billing alerts
Amazon CloudWatch Alarms
[Diagram labels: AWS resources that support CloudWatch; Custom Application-Specific Metrics; CloudWatch Metrics (CPUUtilization, StatusCheckFailed, PageViewCount); Amazon CloudWatch; Available statistics; Statistics Consumer (AWS Management Console); Amazon CloudWatch alarm; Amazon SNS email notification; Auto Scaling]
CloudWatch Metrics Examples
AWS CloudTrail
CloudTrail provides the event history of AWS account activity.
  • Permits governance, compliance, and audit
  • Logs API calls
  • Security analysis
  • Tracking of resource changes
  • Troubleshooting
Who did that?!
CloudFormation: Infrastructure as Code
AWS CloudFormation allows you to launch, configure, and connect AWS resources with JSON or YAML templates.
Template
  • JSON/YAML-formatted file describing the resources to be created
  • Treat it as source code: put it in your repository
AWS CloudFormation Engine
  • AWS service component
  • Interprets AWS CloudFormation template into stacks of AWS resources
Stack
  • A collection of resources created by AWS CloudFormation
  • Tracked and reviewable in the AWS Management Console

  • Spring '16
  • Amazon Web Services, AWS, Amazon Elastic Compute Cloud
