00:00Hello everyone, so let's today continue the journey of AWS Cloud Practitioner exam practice.
00:07So today we will understand question onwards from question number 20.
00:14The security principle that states users or services should only be granted the minimum permissions necessary to perform their required task is called
00:25B is the correct answer, principle of least privilege, right, defense in depth, principle of least privilege, these are not correct, yeah.
00:36So the principle of least privilege is the core security concept in AWS Identity and Access Management System where permissions are restricted to the bar minimum required.
00:50Okay, so the question number 21 is which service is used for continuous auditing compliance and governance by recording API calls and management actions across your AWS accounts.
01:08So CloudWatch is watching the cloud config is about configuration.
01:11The correct answer is C. C always leaves behind the traces of the activities what happened on AWS.
01:21So services for governance and compliance including auditing with AWS Cloud Trails which records API calls to track all actions in the account, yes.
01:35So AWS Cloud Trail is the correct answer.
01:38So a new compliance officer needs to find evidence that AWS meets various global security standards which two resources provide access to AWS compliance documentations, certification and audit report.
01:53So repost is not the correct answer.
01:55Artifact is the correct answer.
01:57Security hub is again not AWS compliance documentation.
02:01So B and D is the correct answer.
02:03Identifying where to find AWS compliance information includes the AWS compliance documentation and artifact case.
02:15Moving to the 23rd question, which AWS service acts as a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads?
02:29So WAF is for web application firewalls, shield is to protect against threats, inspector is to inspect something, but guard duty is the correct answer.
02:42So AWS guard duty is a key security service used for describing how customers secure resources by monitoring for malicious activity.
02:53So we will continue from next question in the next video.
Comments