Section 20: AWS Security and Encryption Flashcards Preview

Flashcards in Section 20: AWS Security and Encryption Deck (10)
1

To enable encryption in flight, we need to have
A) an HTTP endpoint with an SSL certificate
B) an HTTPS endpoint with an SSL certificate
C) a TCP endpoint

B) an HTTPS endpoint with an SSL certificate

Encryption in flight = HTTPS, and HTTPS cannot be enabled without an SSL certificate.

2

Server side encryption means that the data is sent encrypted to the server first
A) true
B) false

B) false

Server side encryption means the server will encrypt the data for us. We don't need to encrypt it beforehand.

3

In server side encryption, only the encryption happens on the server. Where does the decryption happen?

A) The Server
B) The Client

A) The Server

In server side encryption, the decryption also happens on the server (in AWS, we wouldn't be able to decrypt the data ourselves as we can't have access to the corresponding encryption key)

4

In client side encryption, the server must know our encryption scheme to accept the data
A) true
B) false

B) false

With client side encryption, the server does not need to know any information about the encryption being used, as the server won't perform any encryption or decryption tasks

5

We need to create User Keys in KMS before using the encryption features for EBS, S3, etc...
A) true
B) false

B) false

We can use the AWS Managed Service Keys in KMS, therefore we don't need to create our own keys.

6

We'd like our Lambda function to have access to a database password. We should
A) Embed in the code
B) Have it as a plaintext environment variable
C) Have it as an encrypted environmental variable

C) Have it as an encrypted environmental variable

This is the most secure solution amongst the options

7

We would like to audit the values of an encryption value over time
A) We should use AWS KMS versioning feature
B) We should use S3
C) We should use SSM Parameter Store

C) We should use SSM Parameter Store

SSM Parameter Store has versioning and audit of values built-in directly

8

Under the shared responsibility model, what are you responsible for in RDS?
A) Security Group Rules
B) OS patching
C) Database Patching
D) Underlying Hardware Security

A) Security Group Rules

These are configured by us and we've done that extensively in the course.

9

Your user-facing website is a high risk target for DDoS attacks and you would like to get 24/7 support in case they happen, as well as AWS bill reimbursement for the incurred costs during the attacks. What service should you use?
A) AWS Shield Advanced
B) AWS WAF
C) AWS Shield
D) AWS DDoS OpsTeam

A) AWS Shield Advanced

10

You need an encryption service that supports asymmetric encryption schemes, and you want to manage the security keys yourself. Which service could you use?
A) CloudHSM
B) KMS
C) Parameter Store

A) CloudHSM