AWS Associate & Security L-2
Investigating a Security Incident
You are an AWS Certified Solutions Architect Associate with security expertise, working for an e-commerce company. A security alert is triggered due to unusual outbound traffic from an EC2 instance.
Investigation:
CloudTrail & GuardDuty detect unauthorized API calls from an IAM user.
IAM logs show multiple failed login attempts.
AWS Config reveals an open SSH port (22) to the public internet.
Mitigation & Response:
Disable compromised IAM user and rotate credentials.
Isolate the EC2 instance using VPC Security Groups.
Take snapshots for forensic analysis.
Implement MFA for all IAM users and enforce strict access control.
Use AWS Systems Manager Session Manager instead of SSH.
Update AWS WAF rules to block suspicious IPs.
Post-Incident Security Enhancements:
Enable AWS Security Hub for centralized security management.
Automate security responses using AWS Lambda (e.g., disabling compromised accounts).
Monitor continuously with Amazon GuardDuty and CloudWatch.
Question 1.
What AWS service provides compliance auditing and governance?
Question 2.
Which service is used for batch processing workloads?
Question 3.
What AWS service provides a pay-per-use API Gateway?
Question 4.
What AWS service provides distributed denial-of-service (DDoS) protection?
Question 5.
Which AWS service is used to automatically distribute traffic across multiple targets?
Question 6.
What service allows you to run containers without managing servers?
Question 7.
What AWS tool is used to create and manage access policies?
Question 8.
What AWS service helps manage machine learning models?
Question 9.
What service helps migrate databases to AWS?
Question 10.
Which AWS service allows you to securely store credentials and API keys?
Question 11.
What AWS service provides identity and access management?
Question 12.
What AWS service helps detect security anomalies in your AWS account?
Question 13.
Which AWS service is used to encrypt stored data?
Question 14.
What AWS service logs all API calls made in an AWS account?
Question 15.
What AWS service helps protect applications from SQL injection and XSS attacks?
Question 16.
What AWS service protects against DDoS attacks?
Question 17.
What AWS service scans your EC2 instances for vulnerabilities?
Question 18.
Which AWS security service continuously monitors AWS configurations?
Question 19.
Which AWS service enables secure secrets management?
Question 20.
What AWS service automatically detects and prevents fraud and abuse?
Question 21.
What AWS service helps classify sensitive data in S3?
Question 22.
What AWS security tool provides hardware security modules (HSMs)?
Question 23.
What AWS service provides single sign-on (SSO) access?
Question 24.
What AWS service provides multi-factor authentication (MFA)?
Question 25.
What AWS service allows federated access to AWS accounts?
Question 26.
What AWS service scans S3 buckets for security risks?
Question 27.
Which AWS security tool allows private network connections to AWS services?
Question 28.
Which service helps you securely manage and rotate encryption keys?
Question 29.
Which AWS service automatically remediates security compliance violations?
Question 30.
What AWS service is used for real-time security monitoring?