Which of the following services will help businesses ensure compliance in aws?
|
Show
Which of the following components of the Cloudfront service can be used to distribute content to users across the globe?Answer :
You’ve been asked to migrate 300 PB of data in one week. Which of the following solutions would you consider?Answer :
A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?Answer :
An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs. What feature will enable this?Answer :
You’ve been asked to migrate a static website onto AWS. You have been told that the solution should be cost-effective. Which of the following solutions would you consider?Answer :
A Solutions Architect is developing a document-sharing application and needs a storage layer. The storage should provide automatic support for versioning so that users can easily roll back to a previous version or recover a deleted account. Which AWS service will meet the above requirements?Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. When it comes to Amazon EC2, which of the following is an advantage when it comes to the cost perspective?Answer :
Your company is planning on moving to the AWS Cloud. Once the move to the Cloud is complete, they want to ensure that the right security settings are put in place. Which of the below tools can assist with Security compliance. Choose 2 answers from the options given below.Answer :
There is a requirement to collect important metrics from AWS RDS and EC2 Instances. Which of the following services can help fulfill this requirement?Answer :
Currently, your organization has an operational team that takes care of ID management in their on-premise data centre. They now also need to manage users and groups created in AWS. Which of the following AWS tools would they need to use for performing this management function?Answer :
Amazon Web Services (AWS) is certified in compliance such as ISO, and SOC 2. However, the way you store your data in AWS isn't always compliant. As businesses continue to move to the cloud, data security and regulatory compliance are critical. Fortunately, Amazon Web Services (AWS®), an on-demand cloud computing platform, is certified compliant with regulations such as ISO, PCI DSS, and SOC 2. However, this does not mean the way data is stored within AWS is compliant. Just like security, compliance falls into the Shared Responsibility Model, which means AWS itself is responsible for compliance with regulations that apply to the host layer and physical infrastructure while AWS customers are responsible for compliance with regulations that apply to how they use services, consume applications and store data in the cloud. Let’s take a step back to understand how managing compliance in an IT infrastructure traditionally looks: an organization’s compliance team takes inventory of all the organization’s IT resources. The team then reviews all resources that contain data bound by regulations and maps existing controls to corresponding regulatory requirements to prove compliance. In AWS, however, manual compliance management falls short. Developers have the power to deploy new resources and rapidly make changes to the infrastructure – changes that often go unchecked by the security and compliance teams. To complicate matters further, even if an organization can prove compliance one day, that doesn’t mean it remains compliant two weeks – or even 24 hours – later. “Point in time” compliance quickly becomes irrelevant in the cloud. Maintaining AWS compliance requires a new approach. Just as DevOps teams have made “continuous delivery” and “continuous innovation” parts of the everyday IT language, “continuous security” and “continuous compliance” need to be discussed just as frequently. On the bright side, unlike managing compliance in traditional data centers, AWS infrastructure gives us a path to addressing security and compliance programmatically and automatically. The cloud provider APIs we have available now enable a whole new era of security automation. AWS Config allows an organization to use AWS APIs to access metadata about its infrastructure as well as continuously monitor and measure whether new changes introduce compliance issues. Using AWS Config for Continuous Compliance AWS Config allows for continuous monitoring of an environment for configuration changes and compliance with desired configuration rules, as well as viewing and management of resource relationships, all on a single dashboard (see Figure 1). Figure 1: AWS management dashboard There are two ways to use AWS Config for continuous compliance: Option 1: Use Simple Notification Service for manual remediation. SNS will trigger an alert when something in the environment has changed and no longer complies with the organization’s rules. This allows for manual remediation of a problem as soon as it occurs. Option 2: Use AWS Lambda for automated remediation. A change in the environment that results in noncompliance will trigger a Lambda function to auto-remediate. Example: A config rule states that VPC Flow logs must always be enabled. Someone turns off Flow logging, so Lambda uses API access to re-enable it.  Figure 2: How AWS Config works AWS Config provides customizable, predefined rules to administer through APIs. Administrators can also write team- and organization-specific config rules to build out more comprehensive compliance reporting. Click here for a curated community repository of custom AWS config rules. Using AWS Services to Ensure Compliance As mentioned previously, according to the Shared Responsibility Model, AWS is responsible for the security and compliance of the cloud infrastructure workloads run on, while customers are responsible for the compliance of the workloads themselves. However, AWS provides multiple tools to help ensure that compliance. For example:
Get More Granular As your cloud environment grows and your organization becomes more heavily regulated, you may want more granular AWS compliance reporting. For example, you may want to know how your AWS environment maps to specific compliance regulations or enable different compliance views for different teams and AWS accounts. This is where third-party, API-based compliance tools can help. These tools are designed to allow you to continuously monitor cloud configurations for changes in real time and map these configurations to pre-built compliance templates for regulations such as ISO, SOC 2, HIPAA, PCI DSS, NIST, and GDPR. With the right compliance tool, you can easily generate compliance reports as well as demonstrate your compliance posture to auditors, customers and stakeholders with one click. For some guidelines on selecting the right tool, check out this blog post. For more on these subjects, download the e-book Continuous Monitoring and Compliance in the Cloud. Which services will help businesses ensure compliance in AWS?Security, Identity, and Compliance on AWS. Identity and access management. AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. ... . Detection. ... . Network and application protection. ... . Data protection. ... . Compliance.. Which AWS service can be used to meet the compliance requirements?AWS Artifact – AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS's security and compliance reports and select online agreements.
Which of the following services helps in governance compliance and risk auditing in AWS?8) B – AWS CloudTrail helps users enable governance, compliance, and operational and risk auditing of their AWS accounts.
Which AWS services will help ensure that they have proper security settings?AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your AWS users, groups, and roles. Using IAM, you can create and manage fine-grained access controls with permissions, specify who can access which services and resources, and under which conditions.
|
