AWS security best practices (for example, the principle of least privilege)

Practice Test

True or False: The principle of least privilege in AWS security means giving the minimum necessary permissions to a user or a process.

• True
• False

Answer: True

Explanation: The principle of least privilege (PoLP) is a computer security concept in which a user is given the minimum levels of access necessary to complete his/her job functions.

Multiple Select: Which of the following actions should be taken to apply the Principle of Least Privilege in AWS IAM?

• a) Periodically review AWS IAM policies and roles
• b) Limit permissions to what is necessary
• c) Assign permissions to all users by default
• d) Use policy conditions for fine-grained control

Answer: a, b, d

Explanation: Periodically reviewing policies, limiting permissions, and using policy conditions are all best practices for applying the Principle of Least Privilege.

True or False: AWS IAM roles can be used to grant permissions to AWS services to interact with resources.

• True
• False

Answer: True

Explanation: IAM roles are an AWS identity with permission policies that determine what the identity can and can’t do in AWS.

Single Select: Which AWS service should be used to monitor for changes to your AWS resources?

• a) AWS Lambda
• b) AWS CloudTrail
• c) AWS DynamoDB
• d) AWS S3

Answer: b. AWS CloudTrail

Explanation: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

True or False: Regularly rotating credentials is not a recommended AWS security practice.

• True
• False

Answer: False

Explanation: Regularly rotating credentials is indeed a recommended security practice as it reduces the risk of stale or unnecessary permissions.

Multiple Select: Which of the following services help in managing encryption keys on AWS?

• a) AWS Key Management Service (KMS)
• b) AWS CloudTrail
• c) AWS Secrets Manager
• d) AWS Glue

Answer: a, c

Explanation: AWS KMS and AWS Secrets Manager are both conventionally used for managing encryption keys and secrets like database passwords.

True or False: You should provide your root user access keys to trusted AWS users.

• True
• False

Answer: False

Explanation: Providing your root user access keys is not advisable due to security reasons; you should rather create IAM users and grant them necessary permissions.

Single Select: What is recommended to protect data in transit within AWS?

• a) SSH
• b) SSL/TLS
• c) SFTP
• d) SCP

Answer: b. SSL/TLS

Explanation: AWS recommends using SSL/TLS to protect data in transit.

True or False: AWS allows sharing AMIs publicly.

• True
• False

Answer: True

Explanation: AWS allows sharing AMIs publicly, though it’s not recommended to share AMIs containing sensitive information.

Multiple Select: Which of the following practices help in increasing security for AWS S3 buckets?

• a) Using bucket policies
• b) Enabling versioning
• c) Enabling MFA delete
• d) Making all buckets public

Answer: a, b, c

Explanation: Using bucket policies, enabling versioning, and MFA delete all help in securing S3 buckets. Making all buckets public is not recommended as it can expose sensitive data.

Interview Questions

What does the principle of least privilege mean in AWS Security?

The principle of least privilege refers to the concept of providing a user, program, or system the minimum levels of access — or permissions — necessary to complete its tasks. In AWS, this could involve assigning specific roles for users to manage access to resources.

What is AWS IAM and how does it contribute to AWS security best practices?

AWS Identity and Access Management (IAM) is a web service that enables AWS customers to manage access to AWS services and resources safely. It helps implement the principle of least privilege by allowing you to create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.

Is it recommended to use the AWS root user for everyday tasks?

No, it is not recommended to use the AWS root user for everyday tasks. Instead, it is best to create individual IAM users with specific access privileges, following the principle of least privilege.

What is a security group in AWS?

A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. When you launch an instance, you associate one or more security groups with the instance.

Why is multi-factor authentication (MFA) important in AWS Security?

MFA adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password, and for an authentication code from their AWS MFA device.

How does AWS Key Management Service (KMS) enhance AWS Security?

AWS KMS allows you to create and manage cryptographic keys and control their use across a wide range of services and in your applications. It helps in securing data at rest and in transit, thus enhancing data security on AWS.

What does it mean to “encrypt data at rest” in AWS?

Encrypting data at rest means applying encryption to data that is not actively moving through networks. This means that data stored in databases, file systems, and storage infrastructure is encrypted and secure, reducing its vulnerability to unauthorized access and breaches.

What is AWS CloudTrail’s role in AWS security best practices?

AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

What is AWS Shield and how is it used?

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides automatic DDoS detection and mitigation that minimizes downtime and latency, so your applications remain available.

How does rotating security keys contribute to AWS security best practices?

Regularly rotating security keys decreases the likelihood that unauthorized parties can use the keys to gain access to your resources if they were somehow able to determine a previous version of a key. This forms a part of the defense in depth strategy for security in AWS.

What role does IAM policy play in AWS security best practices?

An IAM policy is a JSON document that defines permissions and is a crucial part of managing access to your AWS resources. By using policies, you restrict access to only what’s necessary, following the principle of least privilege.

What is Amazon Macie and how does it enhance AWS security?

Amazon Macie is a security service that uses machine learning to identify, classify, and protect sensitive data like Personally Identifiable Information (PII). Macie recognizes sensitive data such as credit card numbers and social security numbers, providing businesses with a more robust data protection service.

Why is a security risk assessment vital in AWS security best practices?

A security risk assessment helps identify, evaluate, and prioritize potential vulnerabilities in an AWS environment. This information can guide decision-making processes about how to manage risks, thus helping to strengthen an organization’s overall security posture.

What is an AWS WAF?

AWS Web Application Firewall (WAF) is a security service that protects your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

Why is it crucial to regularly review and monitor AWS CloudTrail logs?

Regularly reviewing and monitoring AWS CloudTrail logs can help you recognize abnormal behaviors or unwanted changes within your environment. This ensures that you can respond promptly to any potential security incidents.