All Network & Edge Security Flashcards
Q: What is AWS Firewall Manager?
A: Centrally defines and enforces security policies across the accounts of an AWS Organization: WAF web ACLs, Shield Advanced protections, VPC security groups, Network Firewall, and Route 53 Resolver DNS Firewall. Policies apply automatically to new accounts and in-scope resources. Prerequisites: Organizations with all features enabled, a designated Firewall Manager administrator account, and AWS Config enabled in the accounts.
Q: How does Network Firewall TLS inspection work?
A: A TLS inspection configuration attached to the firewall policy makes the stateful engine decrypt matching flows, evaluate them with stateful rules, then re-encrypt them toward the destination. Inbound (to your servers): the server certificate and key are imported into ACM. Outbound (egress inspection): a private CA certificate is imported into ACM and the firewall mints a per-destination certificate signed by it, so every client must trust that CA or connections fail. Stateless rules never see decrypted payload.
Q: What is the difference between Shield Standard and Advanced?
A: Standard: free for every AWS customer, always-on mitigation of common L3/L4 attacks (SYN/UDP floods, reflection). Advanced: about $3,000/month with a one-year commitment, adds L7 (application-layer) detection and automatic mitigation through WAF (WAF charges for protected resources included), 24x7 access to the Shield Response Team (SRT, formerly DRT), cost protection (credits for scaling charges incurred during an attack), health-based detection via Route 53 health checks, and attack diagnostics in CloudWatch.
Q: What is a WAF Bot Control managed rule group?
A: An AWS Managed Rules group that labels bot traffic. Common level: classifies self-identifying bots by category (search engine, scraper, monitoring, ...) and verifies legitimate ones such as Googlebot by source, so verified bots are allowed rather than blocked. Targeted level: ML-based detection of evasive bots that fake browsers. Per-category actions: allow, block, count, CAPTCHA, or Challenge (silent browser interstitial); pair with rate-based rules for throttling.
Q: How does VPC Flow Logs help with security?
A: Records flow metadata (5-tuple, packets, bytes, ACCEPT/REJECT) at ENI, subnet, VPC or Transit Gateway level to CloudWatch Logs or S3; no payloads. Detect: port scanning (one source, many REJECTed distinct destination ports), data exfiltration (large ACCEPTed byte counts to external addresses), unauthorized access attempts (REJECTs on admin ports). Caveats: records are aggregated over 1- or 10-minute windows, and traffic to the VPC DNS resolver, instance metadata, DHCP and Amazon Time Sync is not logged.
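Added example (not AWS code): the two detections named in the card, run over constructed VPC Flow Log lines in the default version-2 format. The scanner, the exfiltrating host and the 203.0.113.10 destination (TEST-NET-3, standing in for a public IP) are all made up for the demo; the thresholds are arbitrary starting points, not AWS recommendations.

```python
"""Detections over VPC Flow Log lines (default format, version 2).

Added example for the flow-log flashcard; not AWS or any project's code.
Every log line below is constructed for this demo.
Default field order (space separated):
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: 10.0.1.5 probes six ports on 10.0.0.20 and is REJECTed;
# 10.0.2.9 pushes 150 MB to an outside address over two flows; one ordinary
# HTTPS flow; one NODATA row of the kind emitted for idle aggregation windows.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44321 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44322 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44323 25 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44324 80 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44325 443 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.1.5 10.0.0.20 44326 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0c9d8e7f6a5b4c3d 10.0.2.9 203.0.113.10 51000 443 6 60000 80000000 1700000000 1700000600 ACCEPT OK
2 123456789012 eni-0c9d8e7f6a5b4c3d 10.0.2.9 203.0.113.10 51001 443 6 52000 70000000 1700000600 1700001200 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b 10.0.3.4 10.0.0.20 39000 443 6 12 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b - - - - - - - 1700000000 1700000060 - NODATA
"""

# RFC 1918 space treated as "inside"; adjust to your VPC/on-prem CIDRs.
INTERNAL = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(lines):
    """Parse default-format records; drop NODATA/SKIPDATA rows (their
    address/port fields are '-' and would break integer conversion)."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not the default format (custom fields, header, blank)
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["dstport"] = int(rec["dstport"])
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def port_scanners(records, min_targets=5):
    """Sources with REJECTs to at least min_targets distinct (dst, port)."""
    rejected = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            rejected[r["srcaddr"]].add((r["dstaddr"], r["dstport"]))
    return {src: len(t) for src, t in rejected.items() if len(t) >= min_targets}


def outbound_volume(records, min_bytes=100_000_000):
    """Internal sources whose ACCEPTed bytes to external addresses sum to
    at least min_bytes. Bytes are summed across flows and windows, so a
    slow exfiltration shows up once the sum crosses the threshold."""
    totals = defaultdict(int)
    for r in records:
        if r["action"] != "ACCEPT":
            continue
        src, dst = ip_address(r["srcaddr"]), ip_address(r["dstaddr"])
        if any(src in n for n in INTERNAL) and not any(dst in n for n in INTERNAL):
            totals[r["srcaddr"]] += r["bytes"]
    return {s: b for s, b in totals.items() if b >= min_bytes}


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG.splitlines())
    print("port scanners:", port_scanners(recs))
    print("large outbound:", outbound_volume(recs))
```

Because security groups are stateful, a REJECT shows up only for the inbound probe, which is why distinct (destination, port) pairs per source is the scan signal; the exfiltration check uses byte totals rather than packet counts so that a single long-lived TLS session is not hidden by a small flow count.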
Q: What is DNS Firewall (Route 53 Resolver)?
A: Filters the DNS queries that VPC resources send to the Route 53 Resolver. Rule groups associated with VPCs match query names against domain lists (AWS managed lists for malware and botnet C2 domains, or custom lists) with ALLOW, ALERT, or BLOCK actions; BLOCK can return NODATA, NXDOMAIN, or an override record. Blocks known-bad domains outright; an allowlist policy (ALLOW approved domains, BLOCK everything else) limits DNS exfiltration to approved domains, since the firewall matches names, not payload entropy.
Q: What is a Network Firewall stateless vs stateful rule?
A: Stateless: evaluated first, packet by packet, matching the 5-tuple (source/destination IP and port, protocol) plus TCP flags; actions are pass, drop, or forward to the stateful engine; no connection context. Stateful: connection-aware, rules written in Suricata-compatible syntax (payload/content inspection, IPS signatures), 5-tuple rules with direction, and domain-list rules that match the HTTP Host header or TLS SNI; evaluated in default action order (pass, then drop, reject, alert) or in strict order as listed.
Q: What is Gateway Load Balancer for security?
A: A transparent bump-in-the-wire: a GWLB endpoint in the route table steers traffic to the GWLB, which encapsulates each packet in GENEVE (UDP 6081) and distributes it to a target group of third-party virtual appliances (firewalls, IDS/IPS). Flow stickiness keeps both directions of a flow on the same appliance; appliances scale in and out of the target group behind health checks with no route changes.
Q: What is PrivateLink security benefit?
A: Traffic stays on the AWS network and never traverses the internet, so the consumer VPC needs no IGW or NAT to reach the service. The consumer sees only an endpoint ENI in its own subnet, which it can restrict with security groups and an endpoint policy; the provider exposes only an NLB, never its VPC, and sees the NLB's addresses as the source unless Proxy Protocol v2 passes the client IP. Minimizes attack surface and removes the need for peering or overlapping-CIDR coordination.
Q: How do you prevent DNS exfiltration?
A: Block: Route 53 Resolver DNS Firewall with managed malware/C2 lists, or an allowlist policy for tightly controlled workloads. Detect: enable Resolver query logging and look for very long or high-entropy subdomains, many distinct subdomains under one domain from one source, unusual record types (TXT, NULL), and high query volume. VPC Flow Logs alone will not show it, because traffic to the VPC resolver is not logged.
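Added example (not AWS code) for the two DNS cards above: the tunnelling indicators a query-log search would look for, run over constructed Route 53 Resolver query log records. The JSON field names used (query_name, query_type, srcaddr, rcode) follow the Resolver query log format as I know it and should be treated as an assumption; the records, the exfil-test.net domain and the thresholds are made up for the demo.

```python
"""DNS-tunnelling indicators over Route 53 Resolver query log records.

Added example; not AWS code. Field names follow the Resolver query log
JSON format as assumed here (query_name, query_type, srcaddr, rcode).
All records below are constructed.
"""
import json
import math
from collections import Counter, defaultdict

# Constructed sample: ordinary lookups from 10.0.1.10, plus a host at
# 10.0.1.22 that sends TXT queries for long hex labels under one domain,
# the classic shape of DNS tunnelling / exfiltration.
SAMPLE_QUERY_LOG = """\
{"query_name":"www.example.com.","query_type":"A","srcaddr":"10.0.1.10","rcode":"NOERROR"}
{"query_name":"api.example.com.","query_type":"A","srcaddr":"10.0.1.10","rcode":"NOERROR"}
{"query_name":"ec2-203-0-113-10.compute-1.amazonaws.com.","query_type":"A","srcaddr":"10.0.1.10","rcode":"NOERROR"}
{"query_name":"0123456789abcdef0123456789abcdef.exfil-test.net.","query_type":"TXT","srcaddr":"10.0.1.22","rcode":"NOERROR"}
{"query_name":"fedcba9876543210fedcba9876543210.exfil-test.net.","query_type":"TXT","srcaddr":"10.0.1.22","rcode":"NOERROR"}
{"query_name":"02468ace13579bdf02468ace13579bdf.exfil-test.net.","query_type":"TXT","srcaddr":"10.0.1.22","rcode":"NOERROR"}
{"query_name":"13579bdf02468ace13579bdf02468ace.exfil-test.net.","query_type":"TXT","srcaddr":"10.0.1.22","rcode":"NOERROR"}
{"query_name":"0123456789abcdef0123456789abcdef.exfil-test.net.","query_type":"TXT","srcaddr":"10.0.1.22","rcode":"NOERROR"}
"""

# Record types commonly abused for tunnelling; used to annotate results.
TUNNEL_TYPES = {"TXT", "NULL", "CNAME", "MX"}


def shannon_entropy(s):
    """Bits per character of the label; random hex tops out at 4.0,
    random base32/base64 higher, English-like names well under 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_queries(lines):
    """Parse one JSON record per line into (srcaddr, name, qtype) tuples."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        name = rec["query_name"].rstrip(".").lower()
        out.append((rec["srcaddr"], name, rec.get("query_type", "")))
    return out


def split_name(name):
    """Return (leftmost label, base domain). The base domain is approximated
    as the last two labels; production code should use a public-suffix list
    so that e.g. co.uk is handled correctly."""
    labels = name.split(".")
    base = ".".join(labels[-2:]) if len(labels) >= 2 else name
    return labels[0], base


def tunneling_candidates(queries, min_len=20, min_entropy=3.5, min_distinct=3):
    """(srcaddr, base domain) pairs that queried at least min_distinct distinct
    long, high-entropy leftmost labels. Distinct labels matter: a tunnel
    encodes new data in every query, while a CDN host is asked repeatedly."""
    suspicious = defaultdict(set)
    for src, name, _qtype in queries:
        label, base = split_name(name)
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            suspicious[(src, base)].add(label)
    return {k: len(v) for k, v in suspicious.items() if len(v) >= min_distinct}


def tunnel_type_counts(queries, candidates):
    """For each flagged pair, how many of its queries used tunnel-friendly
    record types; a high share strengthens the verdict."""
    counts = {k: 0 for k in candidates}
    for src, name, qtype in queries:
        key = (src, split_name(name)[1])
        if key in counts and qtype in TUNNEL_TYPES:
            counts[key] += 1
    return counts


if __name__ == "__main__":
    qs = parse_queries(SAMPLE_QUERY_LOG.splitlines())
    found = tunneling_candidates(qs)
    print("candidates:", found)
    print("tunnel-type queries:", tunnel_type_counts(qs, found))
```

The ec2-...amazonaws.com record is in the sample on purpose: it is long-ish but low entropy and stays under the length threshold, which is the usual false-positive source for naive "long label" rules. Once a domain is confirmed, add it to a custom DNS Firewall domain list with BLOCK so the resolver refuses it from then on.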