CertMaster

☁️ Security & Compliance

IAM, Shared Responsibility Model, Shield, WAF, KMS

AWS Cloud Practitioner · CLF-C02 · ⏱️ 25 min · ❓ 7 savol

🤝 Shared Responsibility Model

AWS javobgarligi ("Security OF the cloud"): Hardware, global infratuzilma, datacenters, managed services. Mijoz javobgarligi ("Security IN the cloud"): EC2 OS patch, application kodi, IAM konfiguratsiya, ma'lumotlar shifrlash, network konfiguratsiya.

🔐 AWS IAM (Identity and Access Management)

Users — individual shaxslar. Groups — userlar to'plami (policy biriktirish uchun). Roles — AWS xizmatlari yoki tashqi identitylar uchun vaqtinchalik ruxsat. Policies — JSON formatdagi ruxsat hujjatlar. Principle of Least Privilege — faqat kerakli ruxsatlar bering.

🛡️ AWS Shield & WAF

AWS Shield Standard — bepul, DDoS himoyasi (layer 3/4). AWS Shield Advanced — pullik, layer 7 DDoS, 24/7 DRT (DDoS Response Team) support. AWS WAF — Web Application Firewall, SQL injection, XSS va boshqa web hujumlardan himoya.

🔑 AWS KMS & Encryption

AWS KMS (Key Management Service) — shifrlash kalitlarini boshqarish. Encryption at rest: S3, EBS, RDS ma'lumotlarini shifrlash. Encryption in transit: SSL/TLS. CloudHSM — dedicated hardware security module.
📊 Shared Responsibility: AWS vs Mijoz
XizmatAWS javobgarligiMijoz javobgarligi
EC2 (IaaS)Hardware, Hypervisor, NetworkOS patch, App, Firewall config, Data
RDS (PaaS)Hardware, OS, DB engine patchDB konfiguratsiya, foydalanuvchilar, Data shifrlash
S3 (Managed)Hardware, Durability, AvailabilityBucket policy, ACL, versioning, shifrlash
Lambda (Serverless)Infratuzilma, Runtime patchKod, IAM roles, environment variables
💡 Asosiy nuqtalar
🎯 Imtihon maslahatlari
⚠️ Ko'p adashadigan
🧠 Eslab qolish: "OF vs IN": AWS = Security OF the cloud (infra), Siz = Security IN the cloud (data+config)

Security & Compliance bo'yicha o'zingizni sinab ko'ring

Bepul interaktiv quiz, mock imtihon va to'liq darslar — CertMaster platformasida.

Bepul boshlash →