Question: 1
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

Comment Loading

Question : 2
A security analyst is reviewing alerts in the SIEM(Security information and event management) related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Ans: Endpoint
Explanation:
Endpoint logs: Endpoint logs, also known as host logs, record events and activities that occur on individual endpoints (such as laptops, desktops, or servers). These logs can include information about processes, applications, system events, user logins, file accesses, and more. Endpoint logs are a valuable source of data for investigating security incidents on specific devices, including information about the executables running on the machine. For the investigation described in the scenario, the most appropriate data source for obtaining additional information about the executable running on the employee's corporate laptop is Endpoint logs. Endpoint logs can provide detailed insights into the processes and executables running on the machine, helping the security analyst to further analyze and respond to the potential security threat. Note; Endpoint logs are stored on the actual device so the data they are looking for should be in the endpoint logs.

Question: 3
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Comment Loading

Question : 4
A Security Administrator is tasked to set up an automated system to manage the access keys in the company’s AWS account. A solution must be implemented to automatically disable all IAM user access keys that are more than 90 days old.

How do you implement this

Comment Loading

You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices. You can get a credential report from the AWS Management Console, the AWS SDKs and Command Line Tools, or the IAM API.

You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key rotation. You can provide the report to an external auditor or grant permissions to an auditor so that he or she can download the report directly.

You can generate a credential report as often as once every four hours. When you request a report, IAM first checks whether a report for the AWS account has been generated within the past four hours. If so, the most recent report is downloaded. If the most recent report for the account is older than four hours, or if there are no previous reports for the account, IAM generates and downloads a new report.

– GenerateCredentialReport – Generates a credential report for the AWS account
– GetCredentialReport – Retrieves a credential report for the AWS account
– UpdateAccessKey – Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user’s key as part of a key rotation workflow.

You can also use AWS Config to detect the old access keys. However, take note that you still need to create a custom remediation action using Systems Manager Automation to disable the access keys. AWS Config will only monitor and notify you if there is a non-compliant key in your account.

AWS Config has a managed rule called access-keys-rotated that checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge. The rule is tagged as non-compliant if the access keys have not been rotated for more than maxAccessKeyAge number of days.

Key point

Develop a Lambda function that calls the GenerateCredentialReport API to generate the credential report. Configure the function to use GetCredentialReport API to download the report, parse the CSV file and check the keys with a access_key_1_last_rotated of more than 90 days. Disable the old access keys using the UpdateAccessKey API.

Reference

https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html
https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html

Question: 5
A Security Engineer refactored an application to remove the hardcoded Amazon RDS database credential from the application and store it to AWS Secrets Manager instead. The application works fine after the code change. For improved data security, the Engineer enabled rotation of the credential in Secrets Manager and then set the rotation to change every 30 days. The change was done successfully without any issues but after a short while, the application is getting an authentication error whenever it connects to the database. What is the MOST likely cause of this issue?

Comment Loading

You can configure AWS Secrets Manager to automatically rotate the secret for an Amazon RDS database. Secrets Manager uses a Lambda function Secrets Manager provides. When you enable rotation for a secret with Credentials for RDS database as the secret type, Secrets Manager automatically creates and configures a Lambda rotation function for you. Then Secrets Manager equips your secret with the Amazon Resource Name (ARN) of the function. Secrets Manager creates the IAM role associated with the function and configures the role with all of the required permissions. Alternatively, if you use the same rotation strategy with another secret, and you want to use the same rotation with your new secret, you can specify the ARN of the existing function and use it for both secrets.

If you run your Amazon RDS DB instance in a VPC provided by Amazon VPC and the VPC doesn’t have public Internet access then Secrets Manager also configures the Lambda function to run within that VPC. Secrets Manager also requires that the Lambda rotation function must be able to access a Secrets Manager service endpoint to call the required API operations. If one or more of your resources in the VPC must communicate with the Internet then you can configure the VPC with a NAT gateway to enable the Lambda rotation function to query the public Secrets Manager service endpoint. If you have no requirement to communicate with the Internet, you can configure the VPC with a private Secrets Manager service endpoint accessible from within the VPC.

You can enable rotation for a secret with credentials for a supported Amazon RDS database by using the AWS Secrets Manager console, the AWS CLI, or one of the AWS SDKs. Secrets Manager encrypts the protected text of a secret by using the AWS Key Management Service (AWS KMS). Enabling rotation causes the secret to rotate once immediately when you save the secret. Before you enable rotation, be sure you update all of your applications using this secret credentials to retrieve the secret from Secrets Manager. The original credentials might not be usable after the initial rotation. Any applications that you fail to update break as soon as the old credentials become invalid.

Key point

Enabling rotation in AWS Secrets Manager causes the secret to rotate immediately.

Reference

https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html
https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-rds.html
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

Scenario: 1
A website is hosted in an Auto Scaling group of EC2 instances behind an Application Load Balancer in US West (N. California) region. There is a new requirement to place a CloudFront distribution in front of the load balancer to improve the site's latency and lower the load on the origin servers. The Security Engineer must implement HTTPS communication from the client to CloudFront and then from CloudFront to the load balancer. A custom domain name must be used for your distribution and the SSL/TLS certificate should be generated from AWS Certificate Manager (ACM).
How many certificates should be generated by the Engineer in this scenario?

Some placeholder content for the collapse component. This panel is hidden by default but revealed when the user activates the relevant trigger.

Scenario: 2
Welcome to Home Depot!. You have just joined the team and your first task is to enhance security for the company website. The site runs on Linux, PHP and Apache and uses an EC2 an autoscaling group behind an Application Load Balancer (ALB). After an initial architecture assessment you have found multiple vulnerabilities and configuration issues. The dev team is swamped and will not be able to remediate code level issues for several weeks. Your mission in this workshop round is to build an effective set of controls that mitigate common attack vectors against web applications, and provide you with the monitoring capabilities needed to react to emerging threats when they occur.

Some placeholder content for the collapse component. This panel is hidden by default but revealed when the user activates the relevant trigger.

2: Security Logging and Monitoring

An organization is implementing a security policy in which their cloud-based users must be contained in a separate authentication domain and prevented from accessing on-premises systems. Their IT Operations team is launching and maintaining a number of Amazon RDS for SQL Server databases and EC2 instances. The organization also has an on-premises Active Directory service that contains the administrator accounts that must have access to the databases and EC2 instances.
How would the Security Engineer manage the AWS resources of the organization in the MOST secure manner?

Comment Loading

In Active Directory, trust relationships enable access to various resources that can be either one-way or two-way. A one-way trust is a unidirectional authentication path created between two domains. In a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B can’t access resources in Domain A. Some one-way trusts can be either non-transitive or transitive depending on the type of trust being created.
You can configure one and two-way external and forest trust relationships between your AWS Directory Service for Microsoft Active Directory and on-premises directories, as well as between multiple AWS Managed Microsoft AD directories in the AWS cloud. AWS Managed Microsoft AD supports all three trust relationship directions: Incoming, Outgoing and Two-way (Bi-directional). When setting up trust relationships, you must ensure that your on-premises directory is and remains compatible with AWS Directory Services.

If you already have an AD infrastructure and want to use it when migrating AD-aware workloads to the AWS Cloud, AWS Managed Microsoft AD can help. You can use AD trusts to connect AWS Managed Microsoft AD to your existing AD. This means your users can access AD-aware and AWS applications with their on-premises AD credentials, without needing you to synchronize users, groups, or passwords.
For example, your users can sign in to the AWS Management Console and Amazon WorkSpaces by using their existing AD user names and passwords. Also, when you use AD-aware applications such as SharePoint with AWS Managed Microsoft AD, your logged-in Windows users can access these applications without needing to enter credentials again.

There are three trust relationship directions:

One-way: incoming – Users in the specified realm will not be able to access any resources in this domain.
One-way: outgoing – Users in this domain will not be able to access any resources in the specified realm.
Two-way (Bi-directional) – Users in this domain and users in the specified realm will be able to access resources in domain or realm.

Both sides of the trust relationship must be created before authentication traffic can begin flowing through the trust. For an instance, if you create a one-way incoming trust in Domain A, then a one-way outgoing trust should also be created in Domain B.

Key points

Using AWS Directory Service, set up an AWS Managed Microsoft AD to manage the RDS databases and EC2 instances.
Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.

Reference:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase5.html
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust

Scenario: 2
We found out that anyone from the Internet can bypass CloudFront that we have configured for security and open the app skipping protection we have from the components at the Edge. Meaning: the Application Load Balancer can be an easier target for an attack and a weak spot. Help us to fix that!

Some placeholder content for the collapse component. This panel is hidden by default but revealed when the user activates the relevant trigger.

GOD LOVE YOU

If there is one thing we beliers need to get a revelation of, it should be the Love of God

Everlasting Love of God

The LORD appeared to us in the past, saying: “I have loved you with an everlasting love; I have drawn you with unfailing kindness.(Jeremiah 31:3, NIV)

Notes and Scripture Reference

If you want to stay at the top of your career, you have to keep on learning. No one was created to depend on the other, no one was created to be a bagger, We were all created in the image of God and empowered by God to do greater things, We are all equip and bless with potentials, talent and gifts. Join us to make a different in our world

The Grace Of God

Understanding what the the grace of God is all about

Grace: The power of the gospel week 1

The LORD appeared to us in the past, saying: “I have loved you with an everlasting love; I have drawn you with unfailing kindness.(Jeremiah 31:3, NIV)

Day 1

Day 2

Day 3

Day 4

Day %

Notes and Questions

The Grace Of God

Understanding what the the grace of God is all about

Grace: The power of the gospel week 2

And so we know and rely on the love God has for us. God is love. Whoever lives in love lives in God, and God in them. ( 1John 4:16 NIV)

Profile Settings

CyberSecurity

If there is one thing we all need to be more concern about regarding applications running in the Cloud, it should be Security

1: Security+ Q&A

Cloud Security

If there is one thing we all need to be more concern about regarding applications running in the Cloud, it should be Security

2: Security Logging and Monitoring

GOD LOVE YOU

If there is one thing we beliers need to get a revelation of, it should be the Love of God

Everlasting Love of God

Notes and Scripture Reference

The Grace Of God

Understanding what the the grace of God is all about

Grace: The power of the gospel week 1

Day 1

Day 2

Day 3

Day 4

Day %

Notes and Questions

The Grace Of God

Understanding what the the grace of God is all about

Grace: The power of the gospel week 2

Grace: The power of the gospel week 2: Lesson 1

Grace: The power of the gospel week 2: Lesson 2

Grace: The power of the gospel week 2: Lesson 3

Grace: The power of the gospel week 2: Lesson 4

Grace: The power of the gospel week 2: Lesson 5

Scripture Reference and side note