Top AWS Security Interview Questions
- What is cloud security in AWS?
- What are the important security precautions before migration to AWS Cloud?
- What are the infrastructure security products on AWS?
- What services can be used to create a centralized logging solution?
- What are the native AWS Security logging capabilities?
- What is AWS Identity and Access Management (IAM)?
- What is a DDoS attack, and what services can minimize them?
- What is AWS Directory Service?
- What is the role of AWS Security Bulletins?
- Explain how the buffer is used in Amazon Web Services?
What is cloud security in AWS?
AWS helps you improve your ability to meet core security and compliance requirements, such as data locality, protection, and confidentiality, with its comprehensive services and features. AWS allows you to automate manual security tasks so you can shift your focus to scaling and innovating your business.
An important aspect of cloud security policy is data protection; the key threats are data unavailability, data loss, and the release of sensitive information. The security policy also needs to consider malicious behavior by individuals working within the organization.
What are the important security precautions before migration to AWS Cloud?
- Data integrity
- Data loss
- Data storage
- Business continuity
- Compliance with rules and regulations
What are the infrastructure security products on AWS?
AWS provides different security capabilities and services for increasing privacy and control over network access. You can find connectivity options for enabling private or dedicated connections from an on-premises or office environment. Infrastructure security also involves encryption of all traffic on AWS global and regional networks between AWS secured facilities.
What services can be used to create a centralized logging solution?
The essential services are these: you can use Amazon CloudWatch Logs, store the logs in Amazon S3, and then use Amazon Elasticsearch to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 to Amazon Elasticsearch.
What are the native AWS Security logging capabilities?
- AWS CloudTrail: a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
- AWS Config: a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
What is AWS Identity and Access Management (IAM)?
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge.
IAM roles allow you to delegate access with defined permissions to trusted entities without having to share long-term access keys. You can use IAM roles to delegate access to IAM users managed within your account, to IAM users under a different AWS account, or to an AWS service such as EC2.
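An added example, not part of the original page: a small audit of a role's trust policy that sorts every principal allowed to assume the role into the delegation targets named above (same account, different account, AWS service) and lists the trusts worth a manual review. The sample policy, account IDs, user name and function names are constructed for illustration.

```python
import json

# Constructed sample trust policy; account IDs and the user name are placeholders.
TRUST_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:user/alice"}, "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:root"}, "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}
]}""")

def _as_list(value):
    # IAM policy JSON allows a single value wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def classify_trust(policy, own_account):
    """Return (kind, principal, has_condition) for each Allow on sts:AssumeRole."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard form
            principal = {"AWS": "*"}
        has_condition = bool(stmt.get("Condition"))
        for ptype, values in principal.items():
            for p in _as_list(values):
                if ptype == "Service":
                    kind = "aws-service"
                elif p == "*":
                    kind = "anyone"
                elif ptype == "AWS":
                    # Account ID is field 4 of an ARN; otherwise assume a bare account ID.
                    account = p.split(":")[4] if p.startswith("arn:") else p
                    kind = "same-account" if account == own_account else "cross-account"
                else:
                    kind = "other"  # e.g. Federated principals
                findings.append((kind, p, has_condition))
    return findings

def needs_review(findings):
    """Wildcard trust, or cross-account trust with no Condition (e.g. sts:ExternalId)."""
    return [f for f in findings if f[0] == "anyone" or (f[0] == "cross-account" and not f[2])]

if __name__ == "__main__":
    for kind, principal, cond in classify_trust(TRUST_POLICY, "111111111111"):
        print(f"{kind:14} {principal} condition={cond}")
```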