AWS Associate & Security L-3
Preventing Data Breaches with AWS Security
Challenge:
An e-commerce company accidentally exposed customer data in an S3 bucket due to a misconfiguration. Additionally, unauthorized login attempts were detected, indicating a credential compromise and also website has down.
Solution: Detection
Amazon Macie detected exposed PII in S3.
AWS GuardDuty flagged suspicious API activity.
AWS CloudTrail tracked unauthorized IAM access.
AWS WAF&SHIELD provide protection of common attack or DDOS protection.
Mitigation:
S3 Block Public Access secured the bucket.
IAM Least Privilege restricted permissions.
AWS Secrets Manager rotated compromised credentials.
AWS WAF & Shield protected against malicious traffic.
Prevention:
AWS Security Hub for continuous threat monitoring.
AWS Config for enforcing security compliance.
Multi-Factor Authentication (MFA) enabled for IAM users.
Outcome:
✔ Data secured within minutes.
✔ Unauthorized access blocked.
✔ Regulatory compliance maintained.
Question 1.
Which AWS service provides DDoS protection?
Question 2.
Which AWS service helps detect security threats?
Question 3.
Which AWS service manages encryption keys?
Question 4.
Which AWS feature allows setting security rules at the subnet level?
Question 5.
Which AWS service helps classify and protect sensitive data?
Question 6.
Which AWS service provides centralized logging?
Question 7.
Which AWS service scans for vulnerabilities in EC2 instances?
Question 8.
Which AWS feature controls user access permissions?
Question 9.
Which AWS service provides a Web Application Firewall?
Question 10.
Which AWS feature acts as a firewall for EC2 instances?
Question 11.
Which AWS service helps securely store and retrieve credentials?
Question 12.
Which AWS service provides hardware-based key storage?
Question 13.
Which AWS security service continuously monitors compliance?
Question 14.
Which AWS service prevents unauthorized access at the subnet level?
Question 15.
Which AWS service detects and protects against credential leaks?
Question 16.
Which AWS service provides identity federation?
Question 17.
Which AWS service automatically rotates secrets like database passwords?
Question 18.
Which AWS service helps detect public access to S3 buckets?
Question 19.
Which AWS service monitors API calls for security auditing?
Question 20.
Which AWS service blocks malicious traffic at the application layer?
Question 21.
Which AWS service provides real-time threat intelligence?
Question 22.
Which AWS service prevents SQL injection and XSS attacks?
Question 23.
Which AWS feature enforces MFA (Multi-Factor Authentication)?
Question 24.
Which AWS service allows centralized security management across multiple accounts?
Question 25.
Which AWS service provides a managed firewall for VPC?
Question 26.
Which AWS feature helps detect unused permissions in IAM policies?
Question 27.
Which AWS service encrypts data at rest and in transit?
Question 28.
Which AWS service provides compliance automation for security audits?
Question 29.
Which AWS service detects and prevents credential compromise?
Question 30.
Which AWS service enables fine-grained permissions for services?
Question 31.
Which vulnerability allowed unauthorized access to Microsoft Azure's Cosmos DB, potentially exposing thousands of databases?
Question 32.
In 2025, which type of cyber attack is anticipated to surge, targeting critical infrastructure and employing double extortion techniques?
Question 33.
Which emerging technology poses a significant threat to current encryption methods, potentially leading to a 'Quantum Apocalypse'?
Question 34.
Which vulnerability in Azure Active Directory allowed modification of Bing.com search results and potential credential theft?
Question 35.
Which type of attack involves hackers exploiting misconfigured cloud storage to access sensitive data?
Question 36.
Which recent attack targeted Kubernetes clusters for unauthorized crypto mining?