Multifactor Authentication (MFA) Multifactor authentication is a method of authenticating a user that requires more than one way of verifying the identity of that user. For example, a regular authentication method would be to have the user provide a username and a password. With MFA, the user would also be required to provide another item […]

Flow Logs Flow Logs capture data on IP traffic flows between interfaces in a VPC. You select the source and destination of the flow you want to analyze, and the service will show you the path between the two inside of AWS. The Flow Log captures are external to the actual data flow in your […]

Default Settings for CloudTrail Before diving deeper into the features and functionality of the CloudTrail service, you first need to understand its default settings. Knowing this can be helpful when deciphering questions and answers regarding the CloudTrail service on the Security Specialty Certification exam. Be sure that you understand the following base concepts for the […]

X-Ray Traces The X-Ray service receives inbound and outbound trace data that is collected from your applications. X-Ray traces create a service map to give you a visual reference of the workflow and identify latency and performance issues, as shown in Figure 5.11. X-Ray aggregates the collected trace information and metadata by installing the AWS daemon […]

Important note In this example, you have only set two dimensions for each data point (dimensions x and y). In real use cases, you can see far more dimensions, and that is why clustering algorithms play a very important role in identifying groups in the data in a more automated fashion. Hopefully, you have enjoyed […]

4.1  Apex Programming Language Syntax Apex is a programming language developed by Salesforce specifically for building applications on the Salesforce platform. It shares similarities with Java in terms of syntax and structure, as it’s influenced by Java. It is a strongly typed, case-insensitive, object-oriented language. As operate on multi-tenant environment, you can save your code […]

Route 53 Logs Route 53 has service integrations for exporting events into CloudTrail and CloudWatch. DNS requests at the domain- and subdomain-level are logged into CloudWatch with metrics including what domain lookup was requested, the date and time, the record type such as CNAME or A records, the response code, and the edge location that […]

Identity Providers The Identity Providers section of IAM allows you to establish a trust connection between your AWS account and another identity provider (often referred to as an ID). Two standards are currently available: SAML: SAML stands for Security Assertion Markup Language. Identity providers (IDPs) that use SAML include Active Directory and Okta.  OpenID Connect: […]

Access Logs Many AWS services record user access and export the data as log files for you to process using backend services. These log files allow you to monitor usage patterns, collect baselines, troubleshoot, and validate any security or compliance mandates your organization may operate under. Analytic services can be used to gain valuable insights […]

Types of CloudTrail Events As discussed previously, an event is captured every time a call to the AWS API is made. This could be from the AWS Management Console, the AWS CLI, or one of the AWS SDKs. There are several types of events in CloudTrail. As a security professional and someone looking to take […]