[Recap] Day 3: Security Management on AWS [AWS Solution Architect Associate] [SAA-C03]

AWS WAF

Q5. On which layer does AWS WAF work?
Ans. AWS WAF is a web application firewall (WAF) that helps you protect your websites and web applications against various attack vectors at the application layer (OSI Layer 7).

Q6. Is AWS WAF global or regional?
Ans. For a CloudFront distribution, AWS WAF is available globally, but you must use the Region US East (N. Virginia) for all of your work. You must create your web ACL using the Region US East (N. Virginia).

Also Check: What is AWS SNS?

AWS Shield

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.

Q7. What is the difference between AWS Shield and WAF?
Ans. AWS WAF is a firewall that can protect you from multiple types of attacks and provide various options for whitelisting. AWS Shield is a single-purpose service. In contrast, AWS Shield is a managed Distributed Denial of Service (DDoS) protection tool for your AWS-based applications.

Q8. Is AWS Shield automatic?
Ans. AWS Shield Standard is automatically enabled for all AWS customers at no additional cost. AWS Shield Advanced provides additional protections against more sophisticated and larger attacks for your applications running on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53.

Also Check: What is AWS Auto Scaling?

AWS Key Management Service (KMS)

AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

Q9. Does AWS have access to my KMS keys?
Ans. When you create a key in KMS, it is called a Customer Master Key, or CMK. The CMK is actually a data structure that contains your symmetric key and metadata about the key. The CMK is protected by an Amazon HSM key. The AWS Key Management Service provides encryption keys, and both you and Amazon have access to the key.

Q10. What is the maximum data size supported by AWS KMS?
Ans. The size limit is 4KB. If you want to digitally sign data larger than 4KB, you have the option to create a message digest of the data and send it to AWS KMS.

Also Check Our blog post on Amazon AWS Cognito.

Quiz Time (Sample Exam Questions)!

With our AWS Solution Architect Associate training program, we cover 250+ sample exam questions to help you prepare for the certification SAA-C03.

Check out one of the questions and see if you can crack this…

Ques. Which of the following services can be used as a web application firewall in AWS?

A. AWS EC2
B. AWS WAF
C. AWS Firewall
D. AWS Protection

Comment down your answer below in the comment box. The right answer will be revealed in my next week’s blog.

Here is the answer to the question shared last week.

Ques. Which AWS service or feature can be used to monitor CPU usage?

A. AWS CloudTrail
B. VPC Flow Logs
C. Amazon CloudWatch
D. AWS Config

Correct Answer: C
Explanation:– Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources.

Also Read: Our blog post on AWS Solution Architect Interview Questions.

Feedback

We always work on improving and being the best version of ourselves from the previous session hence constantly asking for feedback from our attendees.

Here are the feedbacks that we received from our trainees who attended the session…