Here are the top interview questions on AWS security.
Security in AWS
1. What is ACL?
ACL stands for access control list. An ACL controls access to AWS objects or resources. You can create an access control list for the resources you want.
You can create inbound and outbound rules in an ACL.
2. What is a security group in AWS?
A security group is different from an ACL. A security group is a virtual firewall for an instance (for example, EC2), where you can define inbound and outbound rules.
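The difference between the two, shown as an added example that is not from the original page: a small Python simulation of how a network ACL and a security group decide on traffic. It assumes "ACL" in question 1 means a VPC network ACL; the rule sets, function names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample rules; all addresses are documentation ranges.
NACL_INBOUND = [  # (rule number, action, CIDR, port range)
    (100, "deny", "203.0.113.0/24", (22, 22)),
    (200, "allow", "0.0.0.0/0", (22, 22)),
    (300, "allow", "0.0.0.0/0", (443, 443)),
]
NACL_OUTBOUND = [
    (100, "allow", "0.0.0.0/0", (443, 443)),  # no rule for ephemeral ports
]
SG_INBOUND = [("0.0.0.0/0", (443, 443)), ("198.51.100.0/24", (22, 22))]


def _matches(cidr, ports, ip, port):
    in_net = ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
    return in_net and ports[0] <= port <= ports[1]


def nacl_decision(rules, ip, port):
    """Network ACL: lowest rule number first, first match wins, else deny."""
    for _num, action, cidr, ports in sorted(rules):
        if _matches(cidr, ports, ip, port):
            return action
    return "deny"  # the implicit final '*' rule


def sg_allows(rules, ip, port):
    """Security group: allow rules only; any matching rule permits."""
    return any(_matches(cidr, ports, ip, port) for cidr, ports in rules)


def nacl_round_trip(client_ip, client_port, server_port):
    """Stateless: the reply is checked against outbound rules separately."""
    inbound = nacl_decision(NACL_INBOUND, client_ip, server_port)
    outbound = nacl_decision(NACL_OUTBOUND, client_ip, client_port)
    return inbound == "allow" and outbound == "allow"


def sg_round_trip(client_ip, server_port):
    """Stateful: an allowed inbound connection gets its reply for free."""
    return sg_allows(SG_INBOUND, client_ip, server_port)


if __name__ == "__main__":
    print(nacl_decision(NACL_INBOUND, "203.0.113.7", 22))
    print(nacl_round_trip("192.0.2.10", 50000, 443))
    print(sg_round_trip("192.0.2.10", 443))
```

The network ACL drops the HTTPS reply because no outbound rule covers the client's ephemeral port, which is the usual cause of "inbound is allowed but nothing connects" when only one direction of a network ACL is configured.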
3. What is WAF?
WAF stands for web application firewall (AWS WAF). It protects web applications and APIs from exploits such as SQL injection.
You can write your own rules.
4. What is AWS Shield?
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield – Standard and Advanced.
5. What is Amazon Inspector?
It is an automated security assessment service on the AWS cloud. It enhances both security and compliance.
It provides a detailed list of security findings in a variety of reports.
6. What is AWS GuardDuty?
It is a fully managed anomaly detector and a threat detection service. It monitors flow logs, CloudTrail, S3 data events, DNS activity, etc.
7. What is AWS KMS?
KMS stands for Key Management Service. By default, a key is created for each resource in a region.
Customers can also create keys, and rules to control and manage them.
The purpose of KMS is to encrypt and decrypt data. For example, you can encrypt or decrypt the data stored in an S3 bucket.