Amazon GuardDuty Amazon GuardDuty is a tool that performs threat detection functions in your AWS infrastructure. This optional service is not turned on in your AWS account by default. When GuardDuty is enabled, it actively monitors the following: AWS CloudTrail management events; AWS CloudTrail S3 data events; VPC flow logs; DNS logs. ExamAlert: A feature […]
VLANs Virtual local area networks (VLANs) are widely implemented in all types of data networks. A VLAN is defined as a logical overlay network on a LAN that uses IEEE 802.1Q addressing to group a subset of devices sharing a physical LAN with other devices, isolating the traffic for each VLAN. VLANs are used […]
Exam Readiness Drill – Chapter Review Questions Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That is why working on these skills early on in your learning journey is key. Chapter review questions are designed to […]
AWS Certificate Manager The AWS Certificate Manager (ACM) allows you to manage certificates. This service provided by AWS allows you to perform the following primary tasks: Request a certificate: This option allows you to request a public certificate from Amazon. If you have configured your AWS account with your organization’s CA, you can also request […]
AWS Services for a Pilot Light Approach On top of the backup services already mentioned in the backup and recovery approach, you now have to consider services that can offer continuous replication, in particular, if you need to satisfy a lower RPO. S3 provides automatic cross-region replication natively. Combined with bucket versioning, it also gives […]
Maps: A map is a collection of key-value pairs, where each key is unique and maps to a corresponding value. Maps are often used to associate related data. Maps are useful when you want to associate related pieces of information and quickly retrieve the value associated with a specific key. The key and value in […]
Retaining and Expiring CloudWatch Logs As logs come into the CloudWatch service, they are stored in a log group and by default never expire. This can lead to extra charges for your account, especially for items such as developmental logs that don’t need to be saved in the account for extended periods of time due […]
Certificate Management Consider a situation in which you want to log in to your bank’s website and transfer some money. You open a web browser, type in the URL of your bank (or use a browser bookmark), and then log in to the bank. But how do you know that it is really your bank? […]
Backup Frequency How can you determine the optimal backup frequency? Provided that backup and restore can satisfy your RTO, the optimal backup frequency is the one that allows you to satisfy your RPO. The RPO will define how much data you are allowed to lose in case of a disaster. So, you need to make […]
AWS Key Management Service The Key Management Service (KMS) allows you to create encryption keys and control their access. Both symmetric and asymmetric keys can be created, as you can see in Figure 10.1. (Figure 10.1: KMS) Key features of AWS KMS include: the ability to create, view, and edit keys; use policies to control […]