Question
click below
click below
Question
Normal Size Small Size show me how
AWS-CFM4-CS
Module 4 AWS Cloud Security - AWS Academy Cloud Foundations MOOC
Question | Answer |
---|---|
What is the shared responsibility model in AWS? | The costumer is responsable of the security in the cloun and AWS is responsable of the security of the cloud |
AWS is responsible for the security of: | Hardware, software, networking and facilities (availability zones, edge points and data centers) |
The costumer is responsible for the security of: | The data it puts in aws, (either in rest or in transit), management of user sessions and logins, and the configure secure networks |
What permissions have IAM users (Identity and Access Management) when they are created | By default they don't have permissions for anything |
What is the functions of the permission in IAM users? | Assign which resources and operations are available to which users |
How do you grant permissions to an IAM user? | By creating an IAM policy |
How is the scope of IAM configurations? | The scope is global, and it's set over all AWS regions |
How IAM does determine permissions? | It uses implicit deny, if a resource is not explicitly allowed, is assumed it's deny. |
Ways to assign permissions in AWS? | Only two ways: |
Essential components of IAM | IAM users, IAM groups, IAM permission policies, IAM roles |
Types of IAM polices | There are twi, identity based and resource based |
Every call to an was service is an API call? | true |