Top AWS Security Interview Questions (2021) | CodeUsingJava
















Most frequently asked AWS Security Interview Questions


  1. What is Cloud Security in Amazon?
  2. What are the benefits of AWS Security?
  3. What are Amazon Client Security Responsibilities?
  4. What are AWS Security use cases?
  5. What is SnowBall?
  6. What are the general characteristics of cloud computing?
  7. How can we monitor and track failed logins for your AWS Managed Microsoft AD?
  8. What is AWS Single Sign-On?
  9. What is CloudWatch?
  10. What is IoT device defender?
  11. What is the process of AWS IoT Device Defender?
  12. What are the important security precautions before migration to AWS Cloud?
  13. How to automate SCAP testing with AWS Systems Manager and Security Hub?
  14. How can we assign a VPC and security group to a Lambda in AWS CDK?
  15. How can we get the the ID of an AWS security group if I know the name?
  16. How to add multiple security groups and group names in cloudformation using template?


What is Cloud Security in Amazon?

AWS Cloud Security also called as Cloud Computing Security is used for protecting cloud based data, applications and infrastructure from cyber attacks and threats.AWS security is used for protecting our data, accounts, and workloads from unauthorized access.AWS data protection services that provides encryption and key management and detection of threats which continuously monitors and protects our account and workloads.

What are the benefits of AWS Security?

  • Data protection - AWS Security is used for protecting data, accounts and workloads from unauthorized access.It also provides encryption and key management and threat detection which continuously monitors and protects our accounts and workloads.
  • Identity & access management - AWS Security enables us for securing managing identities, resources and permission at scale.
  • Network & application protection - Enables us for enforcing fine grained security policy at network control points across our organization.
  • Threat detection & continuous monitoring - Used for identifying threats by continuously monitoring the network activity and account behavior within our cloud environment.
  • Compliance & data privacy - Used for automating compliance checks based on the AWS best practices and industry standards your organization follows.

What are Amazon Client Security Responsibilities?


Amazon Security


What are AWS Security use cases?

AWS Security use cases are as follows:
  • Securely manage access to services and resources
  • Cloud single-sign-on (SSO) service
  • Identity management for your apps
  • Managed Microsoft Active Directory
  • Simple, secure service to share AWS resources
  • Central governance and management across AWS accounts
  • Unified security and compliance center
  • Managed threat detection service
  • Analyze application security
  • Record and evaluate configurations of your AWS resources
  • Track user activity and API usage
  • Security management for IoT devices
  • Network security
  • DDoS protection
  • Filter malicious web traffic
  • Central management of firewall rules
  • Discover and protect your sensitive data at scale
  • Key storage and management
  • Hardware based key storage for regulatory compliance
  • Provision, manage, and deploy public and private SSL/TLS certificates
  • Rotate, manage, and retrieve secrets
  • Investigate potential security issues
  • Fast, automated, cost- effective disaster recovery

What is SnowBall?

SnowBall is used for enabling us in transferring terabytes of data inside and outside of the AWS environment.

Amazon Security


What are the general characteristics of cloud computing?

General characteristics of cloud computing are as follows:
  • Elasticity and scalability
  • Standardized interfaces
  • Billing self-service based usage
  • Self-service provisioning
  • Automatic de-provisioning

How can we monitor and track failed logins for your AWS Managed Microsoft AD?


Amazon Security


What is AWS Single Sign-On?

Amazon Single Sign-On(SSO) is used for managing SSO access for multiple AWS Accounts and business application and also enables the users for signing the user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place.We can easily manage SSo access and user permission to all our accounts in AWS Organization Centrally.

What is CloudWatch?


Amazon Security


What is IoT device defender?

Amazon IoT Device Defender is used for connecting devices to AWS Services and other devices, it also secures and interacts, process and act upon device data, enables applications to interact with devices even when they are offline and that allows you to produce low-cost Alexa built-in devices.It is an fully managed services used for securing fleet of IoT devices and also lets us continuously monitor security metrics from devices and AWS IoT Core for deviations from the expected behaviors for each device.

What is the process of AWS IoT Device Defender?


Amazon Security


What are the important security precautions before migration to AWS Cloud?

Precautions used before migrate to AWS Cloud are: Data integrity
Data loss
Data storage
Business continuity
Uptime
Compliance with rules and regulations


How to automate SCAP testing with AWS Systems Manager and Security Hub?


Amazon Security


How can we assign a VPC and security group to a Lambda in AWS CDK?

const vpc = ec2.Vpc.fromLookup(this, "VPC", { vpcName: "myVPC" });

const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(
  this,
  "SG",
  "sg-XXXXX"
);

const subnet1a = ec2.PrivateSubnet.fromSubnetAttributes(this, "SUBNET1A", {
  subnetId: "eu-central-1a"
});

const myLambda = new lambda.Function(this, "myLambda", {
  runtime: lambda.Runtime.NODEJS_12_X,
  code: lambda.Code.fromAsset("lambda"),
  handler: "myLambda.handler",
  description: "myLambda",
  environment: {
    DB_HOST: "XXXX",
    DB_USER: "XXXX",
    DB_PASSWORD: "XXXX",
    DB_NAME: "XXXX"
  },
  vpc: vpc,
  vpcSubnets: [subnet1a],
  securityGroups: [securityGroup]
});


How can we get the the ID of an AWS security group if I know the name?

aws ec2 describe-security-groups --filter Name=vpc-id,Values=<my-vpc-id> Name=group-name,Values=kingkajou_sg --query 'SecurityGroups[*].[GroupId]' --output text


How to add multiple security groups and group names in cloudformation using template?

 "dbxSG":
    {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties":
      {
        "GroupDescription": "Enable dbX Access",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "dbxSGIngress" :
    {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties":
      {
        "GroupName": { "Ref": "dbxSG" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupName": { "Ref": "dbxSG" }
      }
    },