This AWS service automatically scans workloads for vulnerabilities and best practice deviations.
What is Amazon Inspector?
This AWS service uses ML and threat intel to detect anomalies and misconfigurations.
What is Amazon GuardDuty?
This AWS service logs all API calls and console activity for auditing.
What is AWS CloudTrail?
This Azure service stores keys, secrets, and certificates.
What is Azure Key Vault?
This AWS service provides DNS with health checks and failover.
What is Amazon Route 53?
Amazon Inspector integrates findings directly into this AWS service for centralized visibility.
What is AWS Security Hub?
A common misconfiguration GuardDuty can detect is overly permissive use of this IAM feature.
What are IAM roles or policies?
This AWS service tracks resource configurations and compliance status over time.
What is AWS Config?
Key Vault supports these two major types of key operations.
What are encryption and decryption (or key generation and key management)?
Route 53 health checks can monitor these three parameters.
What are HTTP/HTTPS responses, TCP connections, and CloudWatch alarms?
Inspector primarily evaluates these two resource types.
What are EC2 instances and container workloads (ECR images)?
This AWS service provides always-on protection from common network DDoS attacks.
What is AWS Shield Standard?
AWS Config evaluates resource states against these.
What are compliance rules (internal or managed rules)?
Key Vault integrates with this identity service for access control.
What is Azure Active Directory (Azure AD)?
Route 53 failover routing points users to this when the primary fails.
What is a secondary site (backup endpoint)?
True or False: Amazon Inspector requires agents to be manually installed on every instance.
What is False? (It uses the SSM agent automatically on supported instances.)
Shield Standard is free for these AWS services.
What are CloudFront and Elastic Load Balancing (and Route 53)?
Config findings can be sent here for centralized security management.
What is AWS Security Hub?
This feature of Key Vault helps organizations meet compliance by recording all access to keys.
What are audit logs?
Route 53 also supports latency-based and this type of routing for load distribution.
What is weighted routing?
Inspector complements GuardDuty because Inspector finds vulnerabilities, while GuardDuty identifies these.
What are threats/anomalous activity?
To get advanced DDoS protection and SLAs, customers must upgrade to this.
What is AWS Shield Advanced?
CloudTrail shows who did what, while Config shows this.
What is how the resource is configured (and its history)?
True or False: Keys in Azure Key Vault can only be software-protected.
What is False? (They can also be HSM-protected.)
The combined use of health checks and DNS failover helps achieve this organizational goal.
What is high availability and resilience?